Apache – Redirect based on IP tables

A few days ago I received a question from a customer: is it possible to use a reverse proxy to redirect to either an internal or an external server based on IP ranges? After some searching and help from Martin Leyrer (thanks a lot for your suggestions), I figured out the complete configuration file for this particular customer.

If you need some URL redirection/rewriting, feel free to use this code (suggestions for better ways to accomplish this request are highly welcome):

# Plain-HTTP virtual host (listen address *:80 is assumed)
<VirtualHost *:80>
ServerName server01.company.com

# Redirect all requests to SSL (the trailing slash keeps the request path intact)
Redirect permanent / https://server01.company.com/

ErrorLog /var/www/virtual/logs/portal.company.com_error.log
CustomLog /var/www/virtual/logs/server01.company.com_access.log common
</VirtualHost>

# SSL virtual host acting as the reverse proxy (listen address *:443 is assumed)
<VirtualHost *:443>
ServerName server01.company.com
SSLEngine On
SSLProxyEngine On
ProxyVia On
ProxyRequests Off
ProxyPreserveHost On
ProxyErrorOverride On
RewriteEngine On

# Added due to HTTP 502 errors:
# https://serverfault.com/questions/206738/intermittent-error-when-using-mod-proxy-to-do-reverse-proxy-to-soap-service
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1

# Note: this cipher string still allows RC4 and MEDIUM-strength ciphers, and
# TLSv1/TLSv1.1 are deprecated (RFC 8996); tighten both for new deployments.
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

### Thawte Wildcard Certificate
SSLCertificateKeyFile /var/www/virtual/certs/wildcard_company.pem
SSLCertificateFile /var/www/virtual/certs/ssl_certificate.crt
SSLCACertificateFile /var/www/virtual/certs/IntermediateCA.crt

# Rewrite logging (Apache 2.2 directives; Apache 2.4 uses LogLevel rewrite:traceN instead)
RewriteLogLevel 4
RewriteLog "/var/www/virtual/logs/rewrite.log"

# Those requests – Company internal – are routed to internalserver.company.com
# (REMOTE_ADDR is never zero-padded, so the last range is written as an anchored 192.168.2.)
RewriteCond %{REMOTE_ADDR} ^10\.10\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.10\.25\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.21\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.23\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.24\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.25\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.26\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.28\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.29\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.30\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.31\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.32\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.33\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.34\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.35\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.38\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.43\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.44\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.46\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.48\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.49\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.51\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.52\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.53\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.56\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.61\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.64\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.65\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.66\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.67\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.68\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.69\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.70\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.71\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.72\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.73\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.74\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^192\.168\.2\.
RewriteRule ^/(.*) https://internalserver.company.com/$1 [P]

# All other requests are routed to externalserver.company.com
# ([P] ends rule processing, so only requests that did not match above get here)
RewriteRule ^/(.*) https://externalserver.company.com/$1 [P]

ErrorLog /var/www/virtual/logs/server01.company.com_error.log
CustomLog /var/www/virtual/logs/server01.company.com_access.log common

ServerSignature Off
AllowEncodedSlashes On
</VirtualHost>
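
An offline check for REMOTE_ADDR conditions of this kind, as an added example that is not part of the original post: it audits each regex against the /24 it is meant to cover and mirrors the OR chain to report which backend a client address would reach. The sample conditions are constructed in the style of the config, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: conditions in the style of the config above.
# The last line is a zero-padded, unanchored form of the kind worth auditing.
SAMPLE_CONF = r"""
RewriteCond %{REMOTE_ADDR} ^10\.10\.10\. [OR]
RewriteCond %{REMOTE_ADDR} ^10\.74\.10\. [OR]
RewriteCond %{REMOTE_ADDR} 192\.168\.002\.
"""

COND = re.compile(r"^RewriteCond\s+%\{REMOTE_ADDR\}\s+(\S+)", re.M)


def patterns(conf):
    """Return the REMOTE_ADDR regexes from RewriteCond lines, in order."""
    return COND.findall(conf)


def intended_net(pattern):
    """Derive the /24 that a three-octet prefix pattern is meant to cover."""
    octets = re.findall(r"\d+", pattern)[:3]
    return ipaddress.ip_network(".".join(str(int(o)) for o in octets) + ".0/24")


def audit(pattern):
    """List problems that make the regex differ from its intended /24."""
    problems = []
    if not pattern.startswith("^"):
        problems.append("unanchored")
    net = intended_net(pattern)
    # REMOTE_ADDR is canonical dotted decimal, so probe with canonical addresses.
    inside = [str(net.network_address + i) for i in (1, 128, 254)]
    if not all(re.search(pattern, addr) for addr in inside):
        problems.append("never matches hosts in %s" % net)
    return problems


def backend(client_ip, conf):
    """Mirror the OR chain: any match routes internal, otherwise external."""
    hit = any(re.search(p, client_ip) for p in patterns(conf))
    return "internal" if hit else "external"


if __name__ == "__main__":
    for p in patterns(SAMPLE_CONF):
        print(p, audit(p) or "ok")
```

Running the audit before a reload catches conditions that silently send internal clients to the external backend.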
