Rewriting requests based on ip addresses
05 January 2008

Rewriting requests based on ip addresses

or how to put those users where they should be...

I found this recipe very useful just 2 days ago.

Imagine you manage a web server hosting a website with a dynamic control panel, where users can log in and modify content.

Now think about the time when you need to make some modifications or updates to the website code. In a do-the-right-thing world you would have a server with a version control system (like svn, cvs or darcs) where the website source code is stored. Of course you would also have a development web server, where changes are tested before committing them to the source tree. In that case, you don't need to follow this recipe.

But what happens when you don't have such infrastructure or, for any other reason, you have to make the changes directly on the production website code? You would probably like to temporarily disable access for every user except you.

Well, knowing the problem, let's take a look at the solution. Of course, you could use basic HTTP authentication to protect the directory where the website is located, but that results in an ugly prompt asking for a user and password. Another approach would be to move aside the directory where the website code is and replace it with a directory containing only a temporary index file, but that does not let you test your changes to the source code in real time. Finally, you could put a simple index.html/index.htm/index.php/etc. file inside the website directory and change the VirtualHost DirectoryIndex directive, but that does not deny access to users. It only hides the entry point, and any average user could still log in anyway.

So, let's take a look at some mod_rewrite magic to find a more elegant solution:

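<IfModule mod_rewrite.c>
        RewriteEngine On
        # Apache 2.2 logging directives; level 9 is very verbose, lower it once the rule works.
        # Apache 2.4 removed both: use LogLevel with a rewrite:traceN level instead.
        RewriteLogLevel 9
        # Skip the rewrite for the single allowed address (note the trailing $)
        RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.10$
        # Leave requests that already point below /tmp/ alone
        RewriteCond %{REQUEST_URI} !^/tmp/
        # Everything else is served from /tmp/
        RewriteRule ^(.+) /tmp/$1 [L]
        RewriteLog      /var/log/apache2/vhostname-rewrite.log
</IfModule>

Adding that to your VirtualHost configuration (provided your Apache server has mod_rewrite support) activates the rewrite engine with two conditions and one rule.

The first condition:

RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.10$

means the remote IP address is not 192.168.1.10. The trailing $ matters: without it the pattern would also match 192.168.1.100 through 192.168.1.109, and those addresses would skip the rewrite too.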

The second condition:

RewriteCond %{REQUEST_URI} !^/tmp/

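means the request URI does not already start with /tmp/, so the placeholder page and its own files are served as they are instead of being rewritten a second time.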

Finally, we add a rewrite rule:

RewriteRule ^(.+) /tmp/$1 [L]

that will send the users to where they should be.

So, what does all this mean? It means that every request coming from an IP address other than 192.168.1.10 for any directory or file outside /tmp will be rewritten to that directory (an internal rewrite, so the URL in the browser does not change).

Now you only have to create a directory called tmp inside the website directory and put in there whatever you want (probably an index file with some CSS and images).

Of course this is only an example of how to use this basic IP address filtering. You could use it to serve content dynamically based on IP address and for much more. If you want to learn more about mod_rewrite and its capabilities, just take a look at the Apache rewriting guide.
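A quick way to check which clients the address condition really lets through, as an added example that is not part of the original post: the Python model below evaluates the two conditions and the rule for every host in 192.168.1.0/24, once with the pattern `^192\.168\.1\.10` (no end anchor) and once with `^192\.168\.1\.10$`. It assumes Python's re.search stands in for Apache's unanchored regex match; the /admin/ paths and the 203.0.113.7 client are constructed sample values.

```python
import re

# Patterns tested against REMOTE_ADDR, as in the RewriteCond discussed above.
UNANCHORED = r"^192\.168\.1\.10"   # no end anchor
ANCHORED = r"^192\.168\.1\.10$"    # matches exactly one address


def rewrite(remote_addr, uri, allow_pattern):
    """Model of the two negated RewriteCond lines plus the RewriteRule.

    Returns the path that would be served: the original URI when either
    negated condition fails, otherwise the URI rewritten under /tmp/.
    """
    # RewriteCond %{REMOTE_ADDR} !<allow_pattern>
    if re.search(allow_pattern, remote_addr):
        return uri
    # RewriteCond %{REQUEST_URI} !^/tmp/
    if re.search(r"^/tmp/", uri):
        return uri
    # RewriteRule ^(.+) /tmp/$1 [L]  (the URI keeps its leading slash)
    m = re.search(r"^(.+)", uri)
    return "/tmp/" + m.group(1) if m else uri


def bypassing_addresses(allow_pattern, intended, candidates):
    """Addresses other than `intended` that still reach the real site."""
    probe = "/admin/"  # constructed path standing in for the control panel
    return [a for a in candidates
            if a != intended and rewrite(a, probe, allow_pattern) == probe]


# Constructed sample: every host in 192.168.1.0/24.
SUBNET = ["192.168.1.%d" % n for n in range(256)]

if __name__ == "__main__":
    for name, pat in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        extra = bypassing_addresses(pat, "192.168.1.10", SUBNET)
        print("%-10s -> %d unintended address(es): %s" % (name, len(extra), extra))
    print(rewrite("203.0.113.7", "/admin/login.php", ANCHORED))
    print(rewrite("203.0.113.7", "/tmp/style.css", ANCHORED))
```

Running the same check against your own allow-list pattern before enabling the rule shows whether it admits more than the one address you meant.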

Posted by wu at 03:01