Igor
Never mind
I was looking at the incorrect log snippet. I should have been sleeping then…
128.48. - - [06/May/2010:17:37:02 --0700]
[sseqa.ucop.edu/sid#8117f48][rid#a20d2a0/initial] (1) pass through /*
128.48. - - [06/May/2010:17:37:02 --0700]
[sseqa.ucop.edu/sid#8117f48][rid#a20d2a0/initial] (2) init rewrite engine with
requested uri /*
128.48. - - [06/May/2010:17:37:02 --0700]
[sseqa.ucop.edu/sid#8117f48][rid#a20d2a0/initial] (3) applying pattern '.*' to
uri '/pp6/'
128.48. - - [06/May/2010:17:37:02 --0700]
[sseqa.ucop.edu/sid#8117f48][rid#a20d2a0/initial] (4) RewriteCond: input='GET'
pattern='^TRACE' => not-matched
128.48. - - [06/May/2010:17:37:02 --0700]
[sseqa.ucop.edu/sid#8117f48][rid#a20d2a0/initial] (1) pass through /*/
128.48. - - [06/May/2010:17:37:03 --0700]
[sseqa.ucop.edu/sid#8117f48][rid#a20d2a0/initial] (2) init rewrite engine with
requested uri /*/login.jsp
128.48. - - [06/May/2010:17:37:03 --0700]
[sseqa.ucop.edu/sid#8117f48][rid#a20d2a0/initial] (3) applying pattern '.*' to
uri '/*/login.jsp'
128.48. - - [06/May/2010:17:37:03 --0700]
[sseqa.ucop.edu/sid#8117f48][rid#a20d2a0/initial] (4) RewriteCond: input='GET'
pattern='^TRACE' => not-matched
128.48.101.10 - - [06/May/2010:17:37:03 --0700]
[sseqa.ucop.edu/sid#8117f48][rid#a20d2a0/initial] (1) pass through /*/login.jsp
So basically my rule does not work and it throws the same page either for a
user within UCOP or for an external user.
Any more ideas that you would want me to try
Can I pipe REMOTE_ADDR to HTTP_X-Forwarded_For , if so how do I do that?
Thanks
Priya
From: Priya Vadlakonda (Contractor)
Sent: Thursday, May 06, 2010 5:47 PM
To: users@httpd.apache.org
Subject: RE: [us...@httpd] IP based redirect with mod_rewrite
I think have the solution ..
RewriteEngine on
RewriteCond %{REMOTE_ADDR) !^(128\.48\.\.+)$
RewriteCond %{REQUEST_URI) ^*
Redirect permanent .* https://.....
All this time I was using Rewriterule instead of Redirect and it was failing. I
changed it redirect and at the outset it seems to be working
However, I need to test this more extensively, I only get stipulated time to
test this since its pretty busy time.
Will let you know if this works without any hiccups.
Thanks Charan and Igor for looking into this.
/Priya
From: Priya Vadlakonda (Contractor) [mailto:priya.vadlako...@ucop.edu]
Sent: Wednesday, May 05, 2010 8:31 PM
To: users@httpd.apache.org
Subject: Re: [us...@httpd] IP based redirect with mod_rewrite
True
The problem is on the fail over environment, we don't have a load balancer and
they would want a solution on Apache so they can implement the same even in the
fail over env
I will anyway send the log, may be you have more ideas
Thanks
Priya
________________________________
From: Igor Cicimov
To: users@httpd.apache.org
Sent: Wed May 05 18:54:46 2010
Subject: Re: [us...@httpd] IP based redirect with mod_rewrite
Yeah that's what I was suspecting. Because of the F5 masquerading the apache is
not getting the client IP but the one set by F5.
The simplest solution would be to set the rule you need on the F5 load balancer
than on apache server.
Igor
On Thu, May 6, 2010 at 11:36 AM, Priya Vadlakonda (Contractor)
<priya.vadlako...@ucop.edu> wrote:
If I remember right, I think when I set the log for debugging
The rule does not seem to work as expected and is checking proxy ip instead of
client ip
Anyway, to be sure I will set up the rule yet again and send you the log
snippet.
Thanks
Priya
________________________________
From: Igor Cicimov
To: users@httpd.apache.org
Sent: Wed May 05 18:27:11 2010
Subject: Re: [us...@httpd] IP based redirect with mod_rewrite
I wonder why the %{REMOTE_ADDR} approach is failing? Are you getting a wrong
REMOTE_ADDR or your rule is not working? Can you please post your rewrite rule
for that case and appropriate rewrite logs with RewriteLogLevel set as high as
possible for debugging?
You can also try to combine SetEnvIf and mod_rewrite for Remote_Addr parameter
but if the above try is failing this one should be failing too since
practically both are checking the same variable.
Igor
On Thu, May 6, 2010 at 6:09 AM, Priya Vadlakonda (Contractor)
<priya.vadlako...@ucop.edu> wrote:
Hi
How do I set up a rule in Apache( If at all that is possible) to redirect
traffic based on the IP address of the client.
Here is the set up of the env
There is a reverse proxy (F5 LTM) that does SSL offloading and this is the
first point the user hits and this does load balancing across our Apache Web
Servers.
So, we have Apache as a proxy server that sits behind the firewall and this is
the second entry point.
The problem is I would need to set up a rewrite rule in Apache that diverts
user to a web page depending on the original IP address of the client.
We run Apache v2 and use {X-Forwarded-For}i feature that enables us to record
the IP address of the client in the access log.
In the access log I get both the F5 proxy IP and also the original client IP.
wsad...@dolores:/etc/apache2> rpm -qa | grep apache2
apache2-2.0.49-27.38
apache2-worker-2.0.49-27.38
Now the condition and rule
As soon as the client hits the F5 and the request is sent to Apache, I need
Apache to make a decision by getting the actual client IP and routing to the
appropriate web page.
Say if the user is accessing a URI /* and the request is coming from within
128.48.0.0/16 or ucop.edu domain
I need users to get to https://sseqa.ucop.edu/*
For any other client IP requesting the same URI, Apache should make a decision
to re route the request to a different site https://--------
How do I do that?
Any support is appreciated.
I tried several ways to establish this but each time it fails. I don’t have the
failure logs for one particular attempt.
%{REMOTE_ADDR}
%{HTTP:X-FORWARDED-FOR}
%{REMOTE_HOST} - When trying for a domain based redirect
Thanks
Priya
