Rewriting requests based on ip addresses
September 2017
Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
About
This site is an effort to share some of the base knowledge I have gathered through all this years working with Linux, FreeBSD, OpenBSD, Python or Zope, among others. So, take a look around and I hope you will find the contents useful.
Recent Entries
Recent Comments
Recent Trackbacks
Categories
OpenBSD (9 items)
BSD (0 items)
FreeBSD (19 items)
Linux (3 items)
Security (3 items)
Python (22 items)
Zope (13 items)
Daily (144 items)
e-shell (9 items)
Hacks (14 items)
PostgreSQL (3 items)
OSX (8 items)
Nintendo DS (0 items)
enlightenment (0 items)
Apache (3 items)
Nintendo Wii (1 items)
Django (24 items)
Music (12 items)
Plone (7 items)
Varnish (0 items)
Lugo (2 items)
Sendmail (0 items)
europython (7 items)
Cherokee (1 items)
self (1 items)
Nature (1 items)
Hiking (0 items)
uwsgi (0 items)
nginx (0 items)
cycling (9 items)
Networking (1 items)
DNS (0 items)
Archives

Syndicate this site (XML)

RSS/RDF 0.91

05 enero
2008

Rewriting requests based on ip addresses

or how to put those users where they should be...

I found that recipe very useful only 2 days ago.

Imagine you manage a web server, in that web server you have a website with some dynamic-like control panel, where users can log in and modify contents.

Now think about the time when you need to do some modifications/updates on the website code. In an do-the-right-things world you would have a server with a versioning control system (like svn, cvs or darcs) where the website source code will be stored. Of course you would have a development web server, where the changes will be tested before commiting them to the source tree. In that case, you shouldn't need to follow this recipe.

But what happen when you don't have such infraestructure or for any other reason, you have to do the changes directly on the production website code? You probably would like to disable access temporaly to any other user except you.

Well, knowing the problem, let's take a look at the solution. Of course, you could use basic http authentication to protect the directory where the website is located, but that will result in an ugly prompt about user and password information. Another approach should be to move aside the directory where the website code is, and replace it with a directory with only a temporaly index file, but that will not allow you to test in real time your changes to the source code. Finally, you could put just a simply index.html/index.htm/index.php/etc file inside the website directory and change the VirtualHost DirectoryIndex directive, but that will not deny access to users, it will hide such access, but any average user could be able to log in anyway.

So, let's take a look at some mod_rewrite magic to find a more elegant solution:

<IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteLogLevel 9
        RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.10
        RewriteCond %{REQUEST_URI} !^/tmp/
        RewriteRule ^(.+) /tmp/$1 [L]
        RewriteLog      /var/log/apache2/vhostname-rewrite.log
</IfModule>

Adding that to your VirtualHost configuration (and if your Apache server has support for mod_rewrite) will activate the rewrite engine, adding two conditions to it.

The first condition:

RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.10

means where remote ip address is not 192.168.1.10.

The second condition:

RewriteCond %{REQUEST_URI} !^/tmp/

means where the request URI is not /tmp.

Finally, we add a rewrite rule:

RewriteRule ^(.+) /tmp/$1 [L]

that will send the users to where they should be.

So, what does this all means? It means that every request coming from an ip address different than 192.168.1.10, trying to get access to any directory or file different than /tmp, will be redirected to that directory.

Now you only have to create a directory called tmp inside the website directory and put in there whateve you want (probably an index file with some css and images).

Of course this is only an example about how to use this basic ip address filtering. You could use that for serve content dinamically based on ip address and for much more. If you want to learn more about mod_rewrite and its capabilities, just take a look at the apache rewriting guide.

Posted by wu at 03:01 | Comments (2) | Trackbacks (0)
<< Feliz navidad (2008 edition) | Main | bunker time: web frameworks >>
Comments
Re: Rewriting requests based on ip addresses

Your regex would also match 192.168.1.105, oops.

Posted by: Ryan Williams at agosto 08,2014 08:24
Re: Rewriting requests based on ip addresses

How can I write a condition to map the request to a remote folder(on a diff physical server) based on source of request.
I have users working from 3 different geo locations and want to redirect users to the closest physical server to fetch content based on their location.

Posted by: Abhishek Yada at diciembre 28,2016 19:03
Trackbacks
Please send trackback to:http://blog.e-shell.org/25/tbping
There are no trackbacks.
Post a comment