On Tue, Oct 29, 2024 at 12:25 PM Rainer Canavan
<rainer.cana...@sevenval.com.invalid> wrote:

> On Tue, Oct 29, 2024 at 5:11 PM Marc <m...@f1-outsourcing.eu> wrote:
> >
> > >
> > >
> > > I am blocking most of amazon, google, azure clouds with ipsets. I also seem
> > > to have added (automatically) ranges that were abusive from apple safe
> > > browsing (or so?)
> > >
> > > I would like to remove these ip addresses of apple safe browsing from the
> > > tcp filter, but I want httpd to redirect all these ip clients to a single
> > > page. Telling users to disable safe browsing.
> > >
> > > How can I best do this?
> > >
> >
> > I have currently these ranges on my abuse list that match ranges apple
> > is communicating as being used by them. I was also thinking about this
> > marking that you can do with ip tables and then based on the mark, maybe
> > redirect to some page?
> >
> >
> > 104.28.30.0/25
> > 104.28.30.128/27
>
> My first suggestion would have been a set of RewriteRule / RewriteCond
> to serve a static html page for all clients that match. Since
> mod_rewrite doesn't support IP subnet matching, but only regexes on
> e.g. "%{REMOTE_ADDR}", that's not really going to be a nice solution
> for such a long list of networks.
>
> As an alternative, you can use Require ip
> (https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require)
> and define a suitable ErrorDocument.
>
> If you're using ip tables, you can re-route the request to a different
> TCP port and configure a vhost that serves the chosen document for any
> request to any path.
>
> Rainer
>
Rainer, a RewriteMap would solve that problem.
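
The `Require ip` plus `ErrorDocument` approach suggested earlier in the thread, as an added example that is not part of the original messages. The server name, document root and notice file name are assumptions; the two ranges are the ones quoted above.

```apache
# Added example (not from the thread). ServerName, DocumentRoot and the
# notice file name are hypothetical; only the two CIDR ranges come from
# the quoted message.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot "/var/www/html"

    # Denied clients get this local page as the body of the 403 response.
    # A local path keeps the 403 status; a full URL here would make httpd
    # send a redirect instead.
    ErrorDocument 403 /safe-browsing-notice.html

    <Location "/">
        <RequireAll>
            Require all granted
            # "Require not" cannot stand alone, so it is paired with
            # "Require all granted" inside RequireAll.
            Require not ip 104.28.30.0/25 104.28.30.128/27
        </RequireAll>
    </Location>

    # The error page is fetched through an internal request that is
    # authorized again. Without this exception the listed ranges would be
    # denied the notice too and httpd would fall back to its built-in 403
    # text. This section comes after <Location "/"> and, with the default
    # "AuthMerging Off", replaces its Require rules for this one path.
    <Location "/safe-browsing-notice.html">
        Require all granted
    </Location>
</VirtualHost>
```

The ranges have to come out of the ipset/TCP filter first, otherwise the connections never reach httpd.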
