What Apache version are you on? In 2.4 you might be able to put different ErrorDocument directives inside different <If...> envelopes based on the requester's IP. Otherwise you'd need to make a dynamic ErrorDocument that looked up the IP before building the page.

That's assuming you're talking about a true ErrorDocument-- the kind that's sent in response to a numerical error code. If you don't mind redirecting certain requests to a selection of hard-coded pages, then the problem becomes trivial.

Hi lucy24, I'm using Apache 2.2. The intent is to convey to human visitors that they are unwelcome to visit the site from particular IP ranges, and what they can do to remedy the situation. It matters little if a machine readable header code is served in this situation.

and what they can do to remedy the situation

"Don't live in China"?

Plenty of things are in a human's power to change-- I've got one quasi-error page that says outright "Try a different browser" --but using a different IP has got to be near the bottom of the list. The only people who can do that are the ones who already know about proxies ... and that probably isn't who you are trying to reach.

If you're only concerned with reaching humans, then a straightforward redirect should be easy enough to set up. You'll have packages of rules like

RewriteCond %{REQUEST_URI} !/bad-ip\.html
RewriteCond %{REMOTE_ADDR} ^(12\.34|56\.67|90\.123)\.
RewriteRule (/|\.html)$ http://www.example.com/bad-ip.html [R=301,L]

I just made that up, but you see the type of thing. Since the rule depends on a condition, set it up so it only kicks in on page requests.

You can also do things like capture all or part of the request and redirect appropriately. For example, thanks to some weird robotic activity I've got a current rule that looks like this:

RewriteCond %{HTTP_REFERER} ^http://yandex\.ru/yandsearch\?text=[^&]+&lr=213(&|$)
RewriteCond %{REQUEST_URI} ^(/.*)
RewriteRule \.html$ http://example.com/boilerplate/redirect.php?oldpage=yandex&newpage=%1 [R=301,L]

It intercepts requests for certain large pages and points them to a much smaller page. Humans are then free to click a link that leads them on to the page they originally asked for-- or back to whatever page they came from-- while robots end up getting a 2K page instead of a 600K one.

You could make different rules for different IP ranges, and then set a parameter like "ip=china" "ip=ukraine" "ip=comcast" which you can use in building a single shared redirect page.

For safety's sake, any page of this sort should have a "noindex" meta, though search engines really should never even know about it.

I've been using something similar for some years.

I do offer more exceptions so that denied visitors may contact me. (TOS, CONTACT, 403, 404, and 410 pages.)

In most instances the use has been beneficial and pretty much forces the denied visitor to contact me for an access solution. In one instance it was beneficial in identifying an otherwise unknown harvester.

I do offer more exceptions so that denied visitors may contact me.

RewriteRule ^boilerplate/(forbidden|goaway|sorry|internal_error|repairs)\.html - [L]

RewriteRule ^boilerplate/redirect\.php - [L]

and

<FilesMatch "(footer|forbidden|goaway|missing|sorry|internal_error|repairs)\.html$">
Order Allow,Deny
Allow from all
</FilesMatch>

The absence-- haha-- of "missing" from the mod_rewrite list is intentional, because if people ask for "missing.html" by name they get a 410 response.

Thanks for the comments but it seem to complex and hard to maintain in the long term. I think I'll just use the messenger feature for blocked IP ranges that comes with the firewall I'm using (well known freebie CSF) and show a generic message.