homepage Welcome to WebmasterWorld Guest from 54.211.230.186
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Redirecting based on ip addresses
Dexie

10+ Year Member



 
Msg#: 3697848 posted 9:34 am on Jul 14, 2008 (gmt 0)

Hi all, does anyone know how to redirect multiple ip address's to another url please ? The one below, does one, but not sure how to do it for multiple address.

Any help appreciated.

Dexie

RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^123.45.67.8$
RewriteRule ^(.*)$ [yahoo.com...] [L]

 

g1smd

WebmasterWorld Senior Member g1smd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3697848 posted 10:40 am on Jul 14, 2008 (gmt 0)

One way is to add [OR] to the end of the first RewriteCond and add another condition below it.

Do NOT place an [OR] on the final RewriteCond line.

.

You'll also need to escape the periods in your rule:

RewriteCond %{REMOTE_ADDR} ^123\.45\.67\.8$

.

The alternative and slightly more efficient syntax is to use as the OR and do it this way:

RewriteCond %{REMOTE_ADDR} ^(123\.45\.67\.8)(210\.78\.23\.4)$

You can have as many as you like, but it gets unreadable after half a dozen or so.

Beware that posting in this forum breaks the pipe symbol and you will need to type it in again if you copy and paste code from this forum.

Dexie

10+ Year Member



 
Msg#: 3697848 posted 12:32 pm on Jul 14, 2008 (gmt 0)

Many thanks g1smd - the input is appreciated.

A couple of things, what is the pipe thing please ? If this forum doesn't show them, whereabouts on a keyboard is it please ? Or maybe someone has a screenshot of it ?

Also, when you say it's more efficient, in what way ? Does that mean that the page loads more quickly ?

I know from experience, that for a lot of coding in .htaccess, you have to make sure lines of code are all on the same line, bearing in mind, that there might be as many as 20-30 ip's to redirect, what would I do there please ?

Dexie.

bcolflesh

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3697848 posted 12:43 pm on Jul 14, 2008 (gmt 0)

The alternative and slightly more efficient syntax...

Is that proven to process faster? I may have to change mine...

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 3697848 posted 12:55 pm on Jul 14, 2008 (gmt 0)

A couple of things, what is the pipe thing please ? If this forum doesn't show them, whereabouts on a keyboard is it please ? Or maybe someone has a screenshot of it ?

the "pipe" is simply a vertical line.
The forum breaks the charcter into two separate verical bars, you may view the broken character using ALT+0166.

Also, when you say it's more efficient, in what way ? Does that mean that the page loads more quickly ?

Not necessarily.
IMO, the example that g1msd provided is a bad use of the or line option.
Personally, I make ever effort to keep the file lines in alpahabetical and numerical order.

I know from experience, that for a lot of coding in .htaccess, you have to make sure lines of code are all on the same line, bearing in mind, that there might be as many as 20-30 ip's to redirect, what would I do there please ?

See above (i. e., separate lines), "as a general rule" in numerical order, unless the are closely separated.

[edited by: wilderness at 12:57 pm (utc) on July 14, 2008]

g1smd

WebmasterWorld Senior Member g1smd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3697848 posted 12:56 pm on Jul 14, 2008 (gmt 0)

I think so, but jdMorgan would likely have the proof already in his head...

For me, the pipe symbol is above back-slash on my (UK) keyboard. You need the "solid" pipe, not the "broken pipe" (shown as ¦ here in the foum) version. The wrong one is next to "1" and above "tab" on my (UK) keyboard.

Dexie

10+ Year Member



 
Msg#: 3697848 posted 2:13 pm on Jul 14, 2008 (gmt 0)

Many thanks for the help on this. Have now found the pipe symbol ;-) Interestingly, above my backslash, it shows as a broken vert line, but when pressing it, it comes out on screen as an unbroken vert line ?

@ Wilderness, assuming you had multiple ip address's, (at least 20), that you wanted to redirect to another domain, how would you do it please ?

Dexie.

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 3697848 posted 2:22 pm on Jul 14, 2008 (gmt 0)

Twenty lines is no big deal (even hundreds when done properly when not CPU intensive).

g1smd has graciously provided you with the groundwork. There are many more examples in the forum archives.

All you need to do is expand the lines in g1smd example.

I would caution you against denying short, that is denying to the precise Class D range. You'll find that, in most every instance to implement these precise ranges, the visitor will only return on a different number to bite you in the backside.

Dexie

10+ Year Member



 
Msg#: 3697848 posted 2:44 pm on Jul 14, 2008 (gmt 0)

Many thanks and yes, I found the code from g1smd very helpful, but I thought you were saying that there was another way of doing it ?

By class D, I assume you mean that it's best to redirect based on the 1st 3 octets, rather than all 4 ?

How's the code looking below ? Does it matter if the line with the ip address's is not on one line,

RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^(123\.45\.67\.8)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦$
RewriteRule ^(.*)$ [yahoo.com...] [L]

Dexie

jdMorgan

WebmasterWorld Senior Member jdmorgan us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3697848 posted 2:44 pm on Jul 14, 2008 (gmt 0)

Using local (piped) ORs is faster in .htaccess, where the code is interpreted for each HTTP request.

Using one-line per condition [OR]s is faster in http.conf and other server config files, where the code is compiled once at server start-up.

This is based on some benchmarking work done by member AndreasFriedRich, and posted here at WebmasterWorld.

Jim

bcolflesh

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3697848 posted 2:52 pm on Jul 14, 2008 (gmt 0)

Jim - thank you, that is valuable info.

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 3697848 posted 2:58 pm on Jul 14, 2008 (gmt 0)

RewriteCond %{REMOTE_ADDR} ^(123\.45\.67\.8)(210\.78\.23\.4)(210\.78\.23\.4)(210\.78\.23\.4)(210\.78\.23\.4)(210\.78\.23\.4)(210\.78\.23\.4)(210\.78\.23\.4)(210\.78\.23\.4)(210\.78\.23\.4)(210\.78\.23\.4)(210\.78\.23\.4)(210\.78\.23\.4)(210\.78\.23\.4)$
RewriteRule ^(.*)$ http://www.yahoo.com [L]

These lines will likely return a 500 error taking down your server!
You've an extral trailing pipe character at the end of your IP line.

As an aside, the speed difference that Jim is referring to is (at least as a general rule), so minute, that anything you may gain would be lost when you begin searching your deleveoped and/or extensive lines for syntax errors (which happen to everybody). During March, I spent more than a week to locate three syntax errors and IF my lines hadn't been organized in a methodical pattern, the week could have easily turned into three or four.

g1smd

WebmasterWorld Senior Member g1smd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3697848 posted 2:59 pm on Jul 14, 2008 (gmt 0)

You could have several Condition lines, each with several IPs in them.

So, 20 IP ranges to block: 4 conditions, each with 5 IP ranges in.

That wouldn't be a problem.

You would remove the final $ symbol if you were using partial IP ranges.

jdMorgan

WebmasterWorld Senior Member jdmorgan us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3697848 posted 4:03 pm on Jul 14, 2008 (gmt 0)

The difference is sufficient to keep in mind, but I agree that long lines of abcd patterns are hard to maintain.

Note also that the parentheses in the previously-posted code are misplaced -- in that only one pair is needed to "attach" the start and end anchors to each IP address sub-pattern. I'd write it as:

RewriteCond %{REMOTE_ADDR} ^(123\.45\.67\.8210\.78\.23\.4210\.78\.23\.4210\.78\.23\.4210\.78\.23\.4)$

(shortened example only)

> but I thought you were saying that there was another way of doing it ?

What we've been talking about efficiency-wise is that this implementation of my example is faster if used in httpd.conf or conf.d, or some other server-config file:

RewriteCond %{REMOTE_ADDR} ^123\.45\.67\.8$ [OR]
RewriteCond %{REMOTE_ADDR} ^210\.78\.23\.4$ [OR]
RewriteCond %{REMOTE_ADDR} ^210\.78\.23\.4$ [OR]
RewriteCond %{REMOTE_ADDR} ^210\.78\.23\.4$ [OR]
RewriteCond %{REMOTE_ADDR} ^210\.78\.23\.4$

Note: No [OR] on last RewriteCond!

> By class D, I assume you mean that it's best to redirect based on the 1st 3 octets, rather than all 4 ?

This depends on *where and what* the visitor is. If the IP address resolves to a dial-up user, then that address is only temporarily-assigned, and will change the next time that user re-connects. It is usually not productive to block dial-up users by IP address; Since the IP address will be changed/re-assigned, then when the blocked address'es user gets a new IP address, not only won't you block him anymore, but you may block an innocent user if he's assigned the bad guy's previous address.

If the IP address resolves back to a single DSL user, then block that specific address and put the code into a section that you plan to review (or delete) on a monthly basis; DSL IP addresses also change, but only occasionally -- when the user's router is re-booted or his ISP's DHCP lease time expires. This could be days, weeks, or months.

If the visitor is a business user, then it's less likely the IP address will change, and you might put those blocks into a six-month-review section.

If the visitor is coming from an IP address assigned to a co-location facility or to a hosting company, then his IP address is likely to change very infrequently -- once a year might be a good guess, although I wouldn't tolerate a service that changed my address that often. This class of visitor is going to be one of two things -- either someone with a Web site that links to yours or includes it in their directory, or an "enterprise-class" scraper or spammer -- They are using a server to scrape content, collect e-mail addresses, or try to auto-post to your forums, etc. I usually block entire server farms and co-location facilities, which might mean an entire Class C or larger.

Sometimes, you may want to put another consideration above those: How much legitimate traffic/business/revenue do you get from the IP address range? I'm referring obliquely here to "ISPs" or "countries" or "regions." Rather than block troublemakers in certain areas one-by-one, it may be more efficient to block a much larger range if doing so is unlikely to affect legitimate traffic.

If you err on the side of a wide block, then you may lose legitimate traffic. If you use narrow-range or single-address blocking, then your block list will quickly grow huge, inefficient, and unmanageable.

Anyway, there are other exceptions, of course, and so you must do a bit of research using Whois and/or Sam Spade (or similar) to figure out "how long and how wide" an IP blocking duration and range should be.

> Does it matter if the line with the ip addresses is not on one line,

Yes, if you put a newline into the code, you will get a syntax error. But don't confuse that with a line wrapping around to fit your edit window. And if you mean the multi-line method that I just posted, then the difference is code size and execution speed.

Jim

Dexie

10+ Year Member



 
Msg#: 3697848 posted 4:50 pm on Jul 14, 2008 (gmt 0)

Many thanks - getting some excellent help here. Anything wrong with the code below please ?

RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^123\.45\.67\.8$ [OR]
RewriteCond %{REMOTE_ADDR} ^210\.67\.19\.4$ [OR]
RewriteCond %{REMOTE_ADDR} ^210\.89\.56\.4$ [OR]
RewriteCond %{REMOTE_ADDR} ^210\.23\.39\.4$ [OR]
RewriteCond %{REMOTE_ADDR} ^210\.76\.38
RewriteRule ^(.*)$ [yahoo.com...] [L]

Dexie.

Dexie

10+ Year Member



 
Msg#: 3697848 posted 4:54 pm on Jul 14, 2008 (gmt 0)

Also, and still on the same subject, does anyone know a dependable way of finding out the ip block for Nigeria, China and Russia ? and if blocking them, would there be any risk of not receiving emails from our clients that are only in the USA and the UK please ?

Any help much appreciated.

Dexie.

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 3697848 posted 5:07 pm on Jul 14, 2008 (gmt 0)

way of finding out the ip block for Nigeria, China and Russia

My non-ARIN ranges were tediously implemented some six years ago.

block a country dot com from another forum may be useful.

Dexie

10+ Year Member



 
Msg#: 3697848 posted 6:13 pm on Jul 14, 2008 (gmt 0)

Just wondering how reliable block a country dot com was ? What is the chances of also accidentally blocking US and UK IP's there, also, when you start redirecting say, 5 countries IP's to other domains, you're gonna get a really heavy .htaccess ;-)

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 3697848 posted 9:13 pm on Jul 14, 2008 (gmt 0)

My non-ARIN ranges were tediously implemented some six years ago.

I've never used the thing.

I did look at a few countries and decided it may be useful for beginners.

Dexie

10+ Year Member



 
Msg#: 3697848 posted 6:52 am on Jul 15, 2008 (gmt 0)

Many thanks - will look into that a bit more.

One thing, if you received an email from someone who you wanted to redirect based on thier IP, and it said :

Received: from bay0-omc2-s6.bay0.hotmail.com ([65.54.246.142]:15742)
by (domain host) with esmtp (Exim 4.69)
(envelope-from <#*$!x@hotmail.com>)
id 1KGacH-0000Wd-O0
for #*$!#*$!#*$!x.com; Wed, 09 Jul 2008 15:25:58 +0100
Received: from BAY135-W47 ([65.55.140.82]) by bay0-omc2-s6.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);

What IP address would you use please ?

The helps appreciated.

Dexie.

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 3697848 posted 12:53 pm on Jul 15, 2008 (gmt 0)

One thing, if you received an email from someone who you wanted to redirect based on thier IP, and it said :

This is web accessed email, which attempts to pull "our" pages and images into the active hotmail web page.

On my own sites these requests are denied under the anti-hotlinking lines. In certian instances (at least specifcic directories; not all) I've added exception lines to allow these requests.

I would focus on the following rather than the IP:

bay0-omc2-s6.bay0.hotmail.com

Dexie

10+ Year Member



 
Msg#: 3697848 posted 1:03 pm on Jul 15, 2008 (gmt 0)

Thanks Wilderness, I perhaps should have been clearer, it's not for anti-hotlinking, it's just to redirect that particular person to another url.

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 3697848 posted 1:09 pm on Jul 15, 2008 (gmt 0)

should have been clearer, it's not for anti-hotlinking

It doesn't need to be.
Rather that is the example that I provided for use of the referrer.

Dexie

10+ Year Member



 
Msg#: 3697848 posted 2:19 pm on Jul 15, 2008 (gmt 0)

Ok, it's getting clearer now and thanks for hanging on with this. Would I need to put bay0-omc2-s6.bay0.hotmail.com in the .htaccess to redirect that user please ?

DExie.

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 3697848 posted 2:28 pm on Jul 15, 2008 (gmt 0)

You may utilize the entire line or any "portion" with addtional focus.
EX:
Begins with
Ends with
Contains

jdMorgan

WebmasterWorld Senior Member jdmorgan us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3697848 posted 2:43 pm on Jul 15, 2008 (gmt 0)

Denying or redirecting many hotmail users may not be in your best interest.

See if your e-mail client has an option to "show full headers" or "show all headers." If so, enable this option, and look for the header, "X-Originating-IP". If that IP address is a private IP address, you can redirect based on it. If it's a shared address, or if the header is not present, then there's not much you can do.

Jim

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 3697848 posted 3:01 pm on Jul 15, 2008 (gmt 0)

Denying or redirecting many hotmail users may not be in your best interest.

Jim I agree entirely.

However not all hotmail referrers contain these specific phrases:

bay0
omc2
s6.bay0

Thus the multiple phrases and/or users allows versatility in specific focus.

Dexie

10+ Year Member



 
Msg#: 3697848 posted 3:37 pm on Jul 15, 2008 (gmt 0)

This sounds good - how would you use that in a .htaccess please ?

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 3697848 posted 3:54 pm on Jul 15, 2008 (gmt 0)

#If Referer contains "omc2"
RewriteCond %{HTTP_REFERER} omc2 [OR]

In addition and these "focused" implementations, I would personally refrain from the using the NC option.

g1smd

WebmasterWorld Senior Member g1smd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3697848 posted 10:10 pm on Jul 15, 2008 (gmt 0)

Does the referrer always contain exactly those elements for that particular user?

How many other users are likely to also be inadvertently blocked by this rule?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved