Trying to redirect a url to another page by IP range

apache-2.2 mod-rewrite mod-proxy

I'm having a bit of a trouble here. I have this several rewrite rules which I think does not work.

My main purpose is to restrict pages and allow only specific IP or network block.

RewriteEngine On
RewriteLog "/data/wre/var/logs/modrewrite.log"
RewriteLogLevel 5

RewriteCond %{REMOTE_ADDR} !^192\.168\.10\..*
RewriteCond %{REMOTE_ADDR} !^72\.139\.201\..*
RewriteCond %{REMOTE_ADDR} !^129\.233\.4\..*
RewriteCond %{REMOTE_ADDR} !^208\.118\.97\32
RewriteRule ^/solutions https://example.com/account/signin?go=outside [R,NE,NC]

I tested this again and it seems not to work? Did I did something wrong?


Try this:

RewriteEngine On
RewriteLog "/data/wre/var/logs/modrewrite.log"
RewriteLogLevel 5

RewriteCond %{REMOTE_ADDR} ^192\.168\.10\..* [OR]
RewriteCond %{REMOTE_ADDR} ^72\.139\.201\..* [OR]
RewriteCond %{REMOTE_ADDR} ^129\.233\.4\..*  [OR]
RewriteCond %{REMOTE_ADDR} ^208\.118\.97\.32
RewriteRule ^/solutions https://example.com/account/signin?go=outside [NE,NC,R=301]

Note, multiple RewriteCond directives are implicitly AND'd, you need to specify if they should be OR'd instead. If you want the browser to remember the redirection, specifying a permanent redirection might save some future processing.

Depending on your config, it might be easier to specify the Known Good ranges and redirect for everyone else. From the rewrite manual on redirecting foreigners: Apache Manual

RewriteEngine on
RewriteCond   %{REMOTE_HOST}  !^.+\.ourdomain\.com$
RewriteRule   ^/solutions      https://example.com/account/signin?go=outside [NE,NC,R=301]

It looks like you are creating a curtain (a sign-in wall, pay-wall, or maintenance-curtain, etc) that all-but a few IP ranges in the internet can get to.

This is what I have done to create such a configuration:

# This implements a maintenance curtain; only these three IPs
# can look behind the curtain. Note its useful to allow the box
# itself too.
#
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !127.0.0.1
RewriteCond %{REMOTE_ADDR} !123.234.45.6
RewriteCond %{REMOTE_ADDR} !123.234.45.78
RewriteCond %{REQUEST_URI} !^/maintenance-curtain/.*
RewriteRule / / [L,R=503]

ErrorDocument 503 /maintenance-curtain/index.html
ProxyPass /maintenance-curtain !
Alias /maintenance-curtain /var/www/maintenance-curtain

And that does look quite similar to yours. I suggest you simplify and test with just one IP first. If the rest if your configuration is fairly complex, it might be getting in the way, so try proving this in a smaller context, or moving it earlier in the configuration. Are virtualhosts getting in the way; do you need to replicate the configuration (use an Include if you need to do that).

I will say though, that I have (I think) known things like REMOTE_ADDR to not be set in the case where some other module is not enabled.... its been a while since I struck that behaviour... is cgi_module enabled?

Related

Apache Server Performance Monitoring
sysadmin tutorials? [closed]
set the width of select2 input (through Angular-ui directive)
NSInvalidUnarchiveOperationException: Could not instantiate class named NSLayoutConstraint
MySQL Like multiple values
Detect click outside element
Android Studio - Android Emulator Wifi Connected with No Internet
jQuery/Javascript function to clear all the fields of a form [duplicate]
How to add an Android Studio project to GitHub [duplicate]
Find an object in array?
Reserved keywords in JavaScript
Netflow record can't get octets (jnca)