Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: Multiple htaccess redirect conditions?How to? |
|
Author |
|
darksign
Joined: 05 Mar 2019 Posts: 3 Location: Greece, Athens
|
Posted: Tue 05 Mar '19 12:17 Post subject: Multiple htaccess redirect conditions?How to? |
|
|
So here is my problem : Lets say we have this domain : http://example.com/
When I access this domain from a specific location with this static ip : 1.1.1.1 nothing should happen
But if I try to access it from any other location/ip : 1) I want it to redirect here : example.com/main/
2) once is redirected to example.com/main/ It should allow me to navigate to any link inside .../main/ But if I try to navigate to anything else which is not inside .../main/ and I am still on a different Ip 2.2.2.2 , eg. example.com/home/ , example.com/contact/ etc It should redirect me back to example.com/main/
3) once I am inside example.com/main/ if my ip is not from 2 specific countries, it should not allow me to access it at all
Scenario 1, I am at work with the static ip -> Do nothing
Scenario 2, I am at home in Germany on one of the 2 allowed countries (germany, italy) -> redirect me to example.com/main/
Scenario 3, I am still at home but I am trying ro access different directories like .../home/ , .../contact/ etc-> redirect me back to example.com/main/ and allow me to access any link inside ../main/ Eg example.com/main/test/.. etc
Scenario 4, I am on vacation in Spain -> do not allow access
Can anyone help please; This seems really complicated to me and I have no idea how to set it up properly
( no clue how htaccess works, I only have html+css and some php knowledge )
-----------
Apache Version 2.4.38
cPanel Version 70.0 (build 61)
Operating System linux |
|
Back to top |
|
mraddi
Joined: 27 Jun 2016 Posts: 152 Location: Schömberg, Baden-Württemberg, Germany
|
Posted: Thu 07 Mar '19 11:16 Post subject: |
|
|
There is some documentation on how to install libapache2-mod-geoip - just google for this .
Please keep in mind that geo-ip is not 100% accurate. According geo-ip the IP-addresses we use in our company in Germany is located in Belgium.
And keep in mind that looking up the gelocation for the ip puts additional load onto the server. That's why geo-ip is not enabled by default - so you have to enable it explicit with "GeoIPEnable On".
Check that you are allowed to use .htaccess by changing apache's config from "AllowOverride None" to "AllowOverride All" - at least for your virtual host.
Now we can do the .htaccess-stuff
One approach is the following:
Code: | RewriteEngine On
# if you are from ip-address
RewriteCond %{REMOTE_ADDR} ^1.2.3.4$
# don't alter URL and skip next two rules (https://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_s)
RewriteRule ".?" "-" [S=2]
# if you are not from ITaly or DEutschland
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^(IT|DE)$
# forbid access (https://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_f) - the L-flag is implicit
RewriteRule ^ - [F]
# if you are not accessing /main/
RewriteCond %{REQUEST_URI} !^/main/
# do a redirect (https://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_r) - the 302 is the default
RewriteRule ^(.*) /main/ [R=302,L] |
There are many ways to Rome - so another idea is the following:
Code: | RewriteEngine On
# if you are not from ip-address
RewriteCond %{REMOTE_ADDR} !^1.2.3.4$
# AND (implicit - if you want to have OR use the [OR] behind the Rewrite Cond - see http://httpd.apache.org/docs/current/mod/mod_rewrite.html) not from ITaly or DEutschland
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^(IT|DE)$
# Forbid access (https://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_f) - the L-flag is implicit
RewriteRule ^ - [F]
# To get here I am from the static-ip-address or from BE|DE
# if you are not from ip-address
RewriteCond %{REMOTE_ADDR} !^1.2.3.4$
# AND if you are not accessing /main/
RewriteCond %{REQUEST_URI} !^/main/
# do a redirect (https://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_r) - the 302 is the default
RewriteRule ^(.*) /main/ [R=302,L]
# To get here I am either from static-ip-address or accessing /main/ |
|
|
Back to top |
|
darksign
Joined: 05 Mar 2019 Posts: 3 Location: Greece, Athens
|
Posted: Thu 07 Mar '19 17:10 Post subject: |
|
|
Thanks for the suggestion mraddi,
I haven't tested it yet because it seems complicated to install the geo-ip plugin and I prefer to keep the server load to minimum as the site will have more online users in the future so I don't want to make it "laggy".
I found this site -> https://www.ip2location.com/free/visitor-blocker
which provides some ip lists so you can use those in a htaccess file but I'm not sure how can I combine those with the provided solution.
Can you provide an alternative using this way?
scenario 1 -> static ip 1.1.1.1 / do nothing
scenario 2 -> if not 1.1.1.1 redirect to "example.com/main/"
scenario 2.1 -> once you are inside "example.com/main/" if you are not accessing it from the following ip list :
- Italy(list example)->
allow from 212.177.142.0/23
allow from 212.177.144.0/24
................
allow from 212.177.145.128/25
allow from 212.177.146.0/26
- Germany (list example)**** (if the static ip is part of the list will be that be an issue, like starting a loop?)
allow from 217.5.186.128/25
allow from 217.5.187.0/24
................
allow from 217.6.25.0/25
allow from 217.6.25.128/27
deny access.
scenario 2.2 - > if you are accessing "example.com/main/" from the ip's above but you are trying to navigate outside "example.com/main/" eg "example.com/home/" , "example.com/contact/" etc then redirect me back to -> "example.com/main/"
--------------------------------------------------
by the way I can see that I didn't mention this before but "example.com/" is a joomla site and all links
"example.com/main/"
"example.com/home/"
"example.com/contact/" etc are "pseudo/virtual" links (php generated I suppose) so those are not actual directories inside "example.com/"
a) I don't know if this affects the htaccess coding or not.
b) is this approach going to create the same server load or is this a "lighter" version?
Thanks in advance for your help.
George. |
|
Back to top |
|
mraddi
Joined: 27 Jun 2016 Posts: 152 Location: Schömberg, Baden-Württemberg, Germany
|
Posted: Fri 08 Mar '19 0:46 Post subject: |
|
|
Hello George,
I've "translated" your scenarios to:
1) if you are from static ip 1.1.1.1 everything is allowed. Don't check 2) + 3)!
2) if you are from Germany or Italy you are allowed to access /home/*. All requests to other directories beside /home/ are redirected to /home/. Don't check 3)!
3) every other request is blocked
The provided .htaccess-files match these three requirements.
As I am not familiar with Joomla I don't know if this works in combination with Joomla.
A quick look into Joomla's installation-zip showed a htaccess-file which prevents from some exploits an rewrites every requst that is not a physical file or a physical folder to index.php.
So I would try to add the one of my .htaccess-examples above the entries in the .htaccess-file already on your harddrive and see what happens.
As the files for Italy and Germany from www.ip2location.com are thousands of lines and around 2MByte in size I doubt that this would be faster than the mod_geoip-approach.
At least the mod_geoip-version is easier to understand and therefore easier to maintain.
You might try the mod_geoip-approach and do some load-test and compare this to requests with mod_geoip disabled. As I haven't compared it by myself I'm interested in the results.
Best regards
Matthias |
|
Back to top |
|
darksign
Joined: 05 Mar 2019 Posts: 3 Location: Greece, Athens
|
Posted: Fri 08 Mar '19 8:07 Post subject: |
|
|
Thanks for your help Mathias,
I will run some tests during the weekend and report back next week probably.
Have a great weekend ahead.
Best regards,
George. |
|
Back to top |
|
|
|
|
|
|