httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luca Toscano <toscano.l...@gmail.com>
Subject Re: [users@httpd] mod_authz_core and http response 451
Date Wed, 06 Sep 2017 08:02:12 GMT
Hi Galen,

2017-09-05 22:02 GMT+02:00 Galen Johnson <solitaryr@gmail.com>:

> Hello,
>
> I've googled a bit and I can't find a way to handle this without using a
> rewrite rule.
>
> I'm setting up a rule using mod_geoip to block embargoed countries.  I set
> up the config as follows:
>
>     <Location />
>       # Blocking a client based on country
>       SetEnvIf GEOIP_COUNTRY_CODE CU BlockCountry
>       SetEnvIf GEOIP_COUNTRY_CODE IR BlockCountry
>       SetEnvIf GEOIP_COUNTRY_CODE KP BlockCountry
>       SetEnvIf GEOIP_COUNTRY_CODE SY BlockCountry
>
>       <RequireAll>
>         Require all granted
>         <RequireNone>
>           Require env BlockCountry
>         </RequireNone>
>       </RequireAll>
>     </Location>
>
> This works but returns a 403.  I'd like for it to return a 451.  Is this
> possible?  Or am I going to have to stick with using a rewrite rule
> (without the require block)?
>
>     <IfModule mod_rewrite.c>
>         RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(CU|IR|KP|SY)$
>         RewriteRule ^(.*)$ https://example.com/$1 [NE,R=451,L]
>     </IfModule>
>
> If there is a preferred way to handle this, I'd be interested in that as
> well.
>
>
probably the rewrite rule is more flexible for your use case, I am not
aware of any way of returning something different than 403 after breaching
Require constraints.

Luca

Mime
View raw message