Wouldn't this work if we enable X-Forwarded headers on the Load Balancers.
Thanks,
Charan
On Wed, May 5, 2010 at 6:54 PM, Igor Cicimov <icici...@gmail.com> wrote:
> Yeah that's what I was suspecting. Because of the F5 masquerading the
> apache is not getting the client IP but the one set by F5.
>
> The simplest solution would be to set the rule you need on the F5 load
> balancer than on apache server.
>
> Igor
>
>
> On Thu, May 6, 2010 at 11:36 AM, Priya Vadlakonda (Contractor) <
> priya.vadlako...@ucop.edu> wrote:
>
>> If I remember right, I think when I set the log for debugging
>>
>> The rule does not seem to work as expected and is checking proxy ip
>> instead of client ip
>>
>> Anyway, to be sure I will set up the rule yet again and send you the log
>> snippet.
>>
>> Thanks
>> Priya
>>
>> ------------------------------
>> *From*: Igor Cicimov
>> *To*: users@httpd.apache.org
>> *Sent*: Wed May 05 18:27:11 2010
>> *Subject*: Re: [us...@httpd] IP based redirect with mod_rewrite
>> I wonder why the %{REMOTE_ADDR} approach is failing? Are you getting a
>> wrong REMOTE_ADDR or your rule is not working? Can you please post your
>> rewrite rule for that case and appropriate rewrite logs with RewriteLogLevel
>> set as high as possible for debugging?
>>
>> You can also try to combine SetEnvIf and mod_rewrite for Remote_Addr
>> parameter but if the above try is failing this one should be failing too
>> since practically both are checking the same variable.
>>
>> Igor
>>
>> On Thu, May 6, 2010 at 6:09 AM, Priya Vadlakonda (Contractor) <
>> priya.vadlako...@ucop.edu> wrote:
>>
>>> Hi
>>>
>>>
>>>
>>> How do I set up a rule in Apache( If at all that is possible) to redirect
>>> traffic based on the IP address of the client.
>>>
>>>
>>>
>>> Here is the set up of the env
>>>
>>>
>>>
>>> There is a reverse proxy (F5 LTM) that does SSL offloading and this is
>>> the first point the user hits and this does load balancing across our Apache
>>> Web Servers.
>>>
>>>
>>>
>>> So, we have Apache as a proxy server that sits behind the firewall and
>>> this is the second entry point.
>>>
>>>
>>>
>>> The problem is I would need to set up a rewrite rule in Apache that
>>> diverts user to a web page depending on the original IP address of the
>>> client.
>>>
>>>
>>>
>>> We run Apache v2 and use {X-Forwarded-For}i feature that enables us to
>>> record the IP address of the client in the access log.
>>>
>>>
>>>
>>> In the access log I get both the F5 proxy IP and also the original
>>> client IP.
>>>
>>>
>>>
>>> wsad...@dolores:/etc/apache2> rpm -qa | grep apache2
>>>
>>> apache2-2.0.49-27.38
>>>
>>> apache2-worker-2.0.49-27.38
>>>
>>>
>>>
>>> Now the condition and rule
>>>
>>>
>>>
>>> As soon as the client hits the F5 and the request is sent to Apache, I
>>> need Apache to make a decision by getting the actual client IP and routing
>>> to the appropriate web page.
>>>
>>>
>>>
>>> Say if the user is accessing a URI /* and the request is coming from
>>> within 128.48.0.0/16 or ucop.edu domain
>>>
>>>
>>>
>>> I need users to get to https://sseqa.ucop.edu/*
>>>
>>>
>>>
>>> For any other client IP requesting the same URI, Apache should make a
>>> decision to re route the request to a different site https://--------
>>>
>>>
>>>
>>> How do I do that?
>>>
>>>
>>>
>>> Any support is appreciated.
>>>
>>>
>>>
>>> I tried several ways to establish this but each time it fails. I don’t
>>> have the failure logs for one particular attempt.
>>>
>>>
>>>
>>> %{REMOTE_ADDR}
>>>
>>> %{HTTP:X-FORWARDED-FOR}
>>>
>>> %{REMOTE_HOST} - When trying for a domain based redirect
>>>
>>>
>>>
>>> Thanks
>>>
>>> Priya
>>>
>>>
>>>
>>>
>>>
>>
>>
>
