Rewriting requests based on ip addresses
I found that recipe very useful only 2 days ago.
Imagine you manage a web server, in that web server you have a website with some dynamic-like control panel, where users can log in and modify contents.
Now think about the time when you need to do some modifications/updates on the website code. In an do-the-right-things world you would have a server with a versioning control system (like svn, cvs or darcs) where the website source code will be stored. Of course you would have a development web server, where the changes will be tested before commiting them to the source tree. In that case, you shouldn't need to follow this recipe.
But what happen when you don't have such infraestructure or for any other reason, you have to do the changes directly on the production website code? You probably would like to disable access temporaly to any other user except you.
Well, knowing the problem, let's take a look at the solution. Of course, you could use basic http authentication to protect the directory where the website is located, but that will result in an ugly prompt about user and password information. Another approach should be to move aside the directory where the website code is, and replace it with a directory with only a temporaly index file, but that will not allow you to test in real time your changes to the source code. Finally, you could put just a simply index.html/index.htm/index.php/etc file inside the website directory and change the VirtualHost DirectoryIndex directive, but that will not deny access to users, it will hide such access, but any average user could be able to log in anyway.
So, let's take a look at some mod_rewrite magic to find a more elegant solution:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteLogLevel 9
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.10
RewriteCond %{REQUEST_URI} !^/tmp/
RewriteRule ^(.+) /tmp/$1 [L]
RewriteLog /var/log/apache2/vhostname-rewrite.log
</IfModule>
Adding that to your VirtualHost configuration (and if your Apache server has support for mod_rewrite) will activate the rewrite engine, adding two conditions to it.
The first condition:
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.10
means where remote ip address is not 192.168.1.10.
The second condition:
RewriteCond %{REQUEST_URI} !^/tmp/
means where the request URI is not /tmp.
Finally, we add a rewrite rule:
RewriteRule ^(.+) /tmp/$1 [L]
that will send the users to where they should be.
So, what does this all means? It means that every request coming from an ip address different than 192.168.1.10, trying to get access to any directory or file different than /tmp, will be redirected to that directory.
Now you only have to create a directory called tmp inside the website directory and put in there whateve you want (probably an index file with some css and images).
Of course this is only an example about how to use this basic ip address filtering. You could use that for serve content dinamically based on ip address and for much more. If you want to learn more about mod_rewrite and its capabilities, just take a look at the apache rewriting guide.