Yeah that's what I was suspecting. Because of the F5 masquerading the apache is not getting the client IP but the one set by F5.
The simplest solution would be to set the rule you need on the F5 load balancer than on apache server.
IgorOn Thu, May 6, 2010 at 11:36 AM, Priya Vadlakonda (Contractor) <Priya.Vadlakonda@xxxxxxxx> wrote:
If I remember right, I think when I set the log for debugging
The rule does not seem to work as expected and is checking proxy ip instead of client ip
Anyway, to be sure I will set up the rule yet again and send you the log snippet.
Thanks
Priya
From: Igor Cicimov
To: users@xxxxxxxxxxxxxxxx
Sent: Wed May 05 18:27:11 2010
Subject: Re: [users@httpd] IP based redirect with mod_rewriteI wonder why the %{REMOTE_ADDR} approach is failing? Are you getting a wrong REMOTE_ADDR or your rule is not working? Can you please post your rewrite rule for that case and appropriate rewrite logs with RewriteLogLevel set as high as possible for debugging?
You can also try to combine SetEnvIf and mod_rewrite for Remote_Addr parameter but if the above try is failing this one should be failing too since practically both are checking the same variable.
Igor
On Thu, May 6, 2010 at 6:09 AM, Priya Vadlakonda (Contractor) <Priya.Vadlakonda@xxxxxxxx> wrote:
Hi
How do I set up a rule in Apache( If at all that is possible) to redirect traffic based on the IP address of the client.
Here is the set up of the env
There is a reverse proxy (F5 LTM) that does SSL offloading and this is the first point the user hits and this does load balancing across our Apache Web Servers.
So, we have Apache as a proxy server that sits behind the firewall and this is the second entry point.
The problem is I would need to set up a rewrite rule in Apache that diverts user to a web page depending on the original IP address of the client.
We run Apache v2 and use {X-Forwarded-For}i feature that enables us to record the IP address of the client in the access log.
In the access log I get both the F5 proxy IP and also the original client IP.
wsadmin@dolores:/etc/apache2> rpm -qa | grep apache2
apache2-2.0.49-27.38
apache2-worker-2.0.49-27.38
Now the condition and rule
As soon as the client hits the F5 and the request is sent to Apache, I need Apache to make a decision by getting the actual client IP and routing to the appropriate web page.
Say if the user is accessing a URI /* and the request is coming from within 128.48.0.0/16 or ucop.edu domain
I need users to get to https://sseqa.ucop.edu/*
For any other client IP requesting the same URI, Apache should make a decision to re route the request to a different site https://--------
How do I do that?
Any support is appreciated.
I tried several ways to establish this but each time it fails. I don’t have the failure logs for one particular attempt.
%{REMOTE_ADDR}
%{HTTP:X-FORWARDED-FOR}
%{REMOTE_HOST} - When trying for a domain based redirect
Thanks
Priya
|