Redirect based on source IP address????
I have a site that I don't want our competitors to view! By
tracking code, I have managed to obtain their source IP addresses.
After looking around, there is a .php solution to my problem
but my host is not well suited to .php files (although it does some
processing).
My pages are in .shtml (to process css drop-down menus
correctly) and I understand that this attached code, if put at the
top of the page before anything else, will work.
I have managed to get one working
http://www.donbur.co.uk/gb/newindex.php
but am having difficulty getting this code to work elsewhere.
The problem is, when I try to put this code into either a
template or as an include, it won't process correctly or the page
won't render at all.
Do I have to use .php files or can I insert php script into
an .shtml document.
Getting really confused now.... HELP
Thanks for the constructive advice...
quote:
>After looking around, there is a .php solution to my
problem but my host is not well
>suited to .php files (although it does some processing).
What does this mean? Does your hosting plan include php
support or not?
You can't just put a php script into any page. It needs to be
a .php page or you need to reconfigure the server to parse other
pages for php. But if your hosting plan doesn't support php then it
won't work in any case.
My host is BT Internet and they claim not to process .php
files which is why our main .php site is hosted elsewhere; however,
it seems that, although it has difficulty (to clarify: doesn't
render) with main full scripts, it does seem to process simple
<?php echo commands for example.
It has been suggested on another forum that the .shtml files
are set to be recognised by .php in the cpanel but our host will
not do this...
Our competitors are not particularly smart or up-to-date and
this would have been reasonably effective; however, I bow to better
judgement and close this topic.
Similar Messages
-
Route call based on source IP address
Hello Guys,
Is there a way to route calls based on source IP address?
I want to redirect calls to specific queues based on the ip of the phone who's starting it.
Any ideas?
Thanks in advance.
Filipe LeiteHi Filipe
I'm assuming here that you are using CallManager rather than CME?
One option might be to use the 'device mobility' feature to assign a specific CSS to devices based on their IP subnet. That CSS could have the appropriate partitions to route to a seperate trigger that directs calls to a separate CSQ.
Of course, whether you can do this depends on whether it would be appropriate to override the device CSS in this way.
Aaron -
ACE load balance based on Source IP Address
Hi Cisco Support,
I have question related to Cisco ACE behavior in term to taking a decision based on source address
I currently have two servers sits behind ACE part of one server farm, these servers are load balanced via one VIP on ACE module and every things looks fine.
Now service owners want to replace these old servers with new hardware hence before the migration we need to make sure these new servers are working as required standard hence need to create a testing scenario for new servers along with old server. The problem is that number of third party partners are accessing existing servers by hitting VIP on ace and we can't engage all our partner to participate in this test therefore decided to engage only one partner to carry our test with us.
For that reason can we some how configure the ACE so when packet arrive on ACE from one test partner mentioned above, ACE send only that partner's traffic based on it's source address (define via class/policy map on ACE if possible) towards new servers in the existing server farm and not to the old server in the same server farm.
Thanks for your supportHi,
Just to put some config sample that might help you to get this done.
First create the new rservers and include them under a new serverfarm (New-APP)/
serverfarm host Webfarm
rserver SVR1
inservice
rserver SVR2
inservice
serverfarm host New-APP
rserver New-1
inservice
rserver New-2
inservice
- Same VIP already working.
class-map match-all VIP-HTTP
2 match virtual-address 10.10.10.10 tcp eq www
- Create a new class that will include your partner's IP(s).
class-map type http loadbalance match-any 3rd-Party
2 match source-address 200.200.200.1 255.255.255.255
3 match source-address 200.200.200.10 255.255.255.255
Modify your current first-match policy to put the new class on top so that all the traffic matched by the statement above (IP) will be redirected to the new farm with the new APP, any other traffic that does not match the "rule" will be sent to the old serverfam with the old app.
policy-map type loadbalance first-match L7-SLB
class 3rd-Party
serverfarm New-APP
class class-default
serverfarm Webfarm
Since you already have LB working then this is it, nothing needs to be added under the multi-match policy nor interface.
HTH
Pablo -
HTTP Redirect based upon SRC IP Address
Is there a way to perform an http redirect based upon user's source IP address on the CSM/GSS environment?
Logic:
IF < src ip address is within exception list > THEN
http redirect to URL2
ELSE
http to URL1
ENDIs there a version of this solution (redirect by client source IP) for the CSS?
I'm attempting to redirect clients from a few specific networks (source IP's) to the VIP of a second CSS using a service-type redirect and "prefer " ACL commands:
clause 10 permit any 1.1.1.0 255.255.252.0 destination content owner/content-rule prefer service-type-redirect
There is an "any any destination any" last clause in the ACL for the remaining source IPs. The ACL is applied to the incoming circuits leading to the webservers.
A show of the ACL's shows all responses - no matter the client source IP - being caught by the permit any clause at the end of the ACL.
Extra points: this is a one-arm design with source group destination applied (to return server traffic to the CSS) and traffic is https with SSL terminating at the servers (no SSL module). Content rules are set to be sticky for srcip. Both CSSs are answering content-based DNS queries for the same URL with their local VIP address (but controlling which DNS server clients query isn't readily possible, so static proximity using DNS didn't provide the answer).
Each CSS is in a different data center: the idea is to keep traffic local by redirecting non-local traffic to its "local" (the other) CSS if services are active (and to keep traffic on the first CSS if the services at the redirected-to CSS are down).
Don't want too much, do I? ;-)
Thanks for everyone's time -
-K. -
Load balancing based on source IP address
Hi,
I configured a CSS to balance the load depending on source IP address to suppport a application feature in the server.
We have two firewalls and behind we have different users. We have also two servers behind the CSS.
Firewalls perform NAT with a unique outside IP address. So, for example, in these conditions the CSS balances requests coming from FW 1 to server 1 and requests coming from FW 2 to server 2. Is it correct this scenario?
Is it possible that requests coming from FW 1 could be forwarded to Server 2 and viceversa?
Could anyone answer me?
Thanks in advance.
Best regards.
Giuseppe.Giuseppe,
it all depends on how you configured your CSS.
Did you use an ACL to force traffic from SRC1 to server1 and traffic from SRC2 to server2 ?
Or did you simply configure sticky based on source ip or a source ip hash loadbalancing ?
Except the ACL, all other methods do not guarantee that the traffic will be splitted in 2.
Gilles. -
Re-direct based on source ip address
Dear all,
i wish to redirect url traffic to another server based on their ip address. We currently have sharepoint server and was hoping to utilise it facilities to redirect to another server. https://www.abc.com to
http://www.abc.com/def
we have iis7 runnin in the backgroup if that help.. Would iis be a better choice?
Thanks in advance..
N DHANRAJHi Dhanraj,
I understand that you want to redirect the url from
https://www.abc.com to http://www.abc.com/def, you can try URL Rewrite rules to achieve this goal.
Here are some posts about this topic, you can take a look.
http://stackoverflow.com/questions/22182087/iis-rewrite-rule-to-redirect-specific-domain-url-to-different-url-on-same-domain
http://social.technet.microsoft.com/wiki/contents/articles/23074.sharepoint-2013-url-rewrite.aspx
Supportability of Rewrite and Redirects with SharePoint 2007/2010/2013
More about the IIS redirect, I would recommend you post in IIS forum below, there will be more experts assisting on this issue.
http://forums.iis.net/t/1153050.aspx?URL+Rewrite+for+SSL+redirection
Thanks
Daniel Yang
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected] -
CSS redirect based on client IP address?
We have a number of web servers behind CSS11500. We would like to be able to send an http redirect to a client browser, depending on the client's IP address.
I had thought this might be possible using ACL but I can't find anything that seems to fit the bill. Can anyone suggest whether this is even possible, and how?create a redirect service.
Then you can use an acl like this :
clause 10 permit tcp x.x.x.x destination content prefer
Gilles. -
VRF selector using PBR or Source IP address
Could anyone can tell which is the better choice of VRF selector using PBR or Source IP address? From Cisco doc, VRF selection based on Source take advance over PBR. My feeling is that PBR may match more criterias than just match source IP address.
ThanksI would personally use the "VRF selection based on source IP address" only where the "VRF selection using PBR" is not available since the latter is a superset of the former.
Hope this helps, -
Redirecting traffic based on source address on CSS11503
Hi all,
I need to redirect HTTP traffic originating from a specific range of IPs to a specific farm of HTTP servers. More specifically, I need request comming to CSS's outside VIP address on port 80/tcp to be redirected to the HTTP farm (2 boxes with RFC1918 addresses) on port 30084/tcp.
The trick is that this rule should only apply for a certain range of source IP addresses. The rest should be content switched normally. I.e. 80/tcp -> 80/tcp, etc.
Is this possible with ACL or somthing similar?
I'm running WebNS 7.20 on a CSS11503.
Thanks,
haveryou could create a 2nd VIP like x.x.x.x:81 and
a service like
service redirect
domain x.x.x.x:81
type redirect
keepalive type none
Under the Vip x.x.x.x:81, you configure the 2 services with private ip addresses and port 30084.
Then you create an ACL
acl 10
clause 10 permit tcp destination content prefer redirect
clause 99 permit any any destination any
apply circuit-VLAN...
Don't forget you will need an ACL permit any any on all other interfaces to avoid blocking the rest of the traffic.
What this will do is tell the browser to close the current connection to vip:80 and reopen a new one to vip:81 and this will be loadbalanced to the private servers.
Gilles. -
Redirect based on list of source IP ranges
Hi everyone
We are looking for a way to 302 redirect a client to an alternate url based on their source IP address. If they do not match the source IP, the request will be load balanced to a farm.
The list of matching IP ranges is quite large though - there are upwards of 5000.
Is there a way to do this on the ACE 4710 efficiently?
Thanks
AYes, you can use an HTTP class-map
Scimitar1/User1(config)# class-map type http loadbalance redirect_clients
Scimitar1/User1(config-cmap-http-lb)# match source-address ?
Enter client source address to match
Then you can use this class-map in your policy-map to use different serverfarm
Scimitar1/User1(config)# policy-map type load first-match WEB
Scimitar1/User1(config-pmap-lb)# class ?
class-default Specify actions for default class-map
redirect_clients
Scimitar1/User1(config-pmap-lb)# class redirect_clients
Scimitar1/User1(config-pmap-lb-c)#
<.....add your redirect serverfarm here ......>
Scimitar1/User1(config-pmap-lb-c)# ex
Scimitar1/User1(config-pmap-lb)# class class-default
Scimitar1/User1(config-pmap-lb-c)#
<.... add your loadbalancing serverfarm here .....>
This is going to be a bit tedious to configure your 5000 client ip addresses.
Maybe you could script it ?
Gilles. -
How do I stop Firefox from redirecting me to another site based on my IPS address?
I work in California. Our corporate offices are in Oklahoma and my desktop computer is set up with an IPS address in OK. When I try to go to the CA website for AAA, Firefox redirects me to the OK website for AAA. How do I stop from being redirected to OK sites when trying to open CA sites?
hello eajames, sites can show you content and redirect you based on your IP address which will reveal your approximate location - there is not much a browser can do against this...
http://www.yougetsignal.com/tools/network-location/ -
Providing Access based on Client IP Address
Current Scenario -
SAP Portal is accessible directly and via Citrix (VPN).
Based on the URL alias - we have implemented Desktop Filtering.
eg if the URL ends with / internet - You get restricted roles
eg if the URL ends with / intranet - You get wider roles
In Production, we also have Netscaler Reverse Proxy and HTTPs settings in place for External (outside firewall) access.
New Requirement (Example) -
Based on the IP address of the client, determine which subnet it falls under and based on that -
If used within Citrix - Provide certain roles
If not used within Citrix - Restricted access / Redirect to a different URL on the redirect server.
Questions -
With the current desktop filtering in place based on URL determination and no specific restriction for inside/outside Citrix access -
1 - Please suggest which would be a good way to crack this? Inside Portal (IP address determination and SAP Logon modification) / Outside Portal (eg Citrix, Network OS Exit, Reverse Proxy etc) based on Best Practise ?
2 - Not sure if this is relevant : Find IP address of Client with webdybpro (This API works only in Web Dynpro and not PDK) ? I believe tweaking SAP Logon logic can get very painful and overtly complicated for such scenarios.
Thanks for your inputs ~ DhanzVivek,
On the coding front -
1 - Will reading the IP address in the header field x-forwarded-for retrieve right results if reverse proxy is in place ? Wouldnt it retrieve the proxy / load balancer IP instead of Client IP ?
2 - Also we have HTTPS settings for extranet access - So encrypted data (eg Client IP ) is transferred that the Web Dispatcher cannot manipulate ?
Please suggest.
Remember to be polite
Edited by: Anja Engelhardt on Jan 27, 2012 11:27 AM -
Bandwidth Limit based on Source IP?
Hi
I am trying to think of a way to apply a bandwidth limit based upon Source IP subnet.
I need to have the ability to limit both the outbound and inbound traffic.
So I created the following config:
policy-map bw-limit-inbound
class bw-limit-class
police 10000
class-map match-any bw-limit-class
match access-group 150
access-list 150 permit ip 172.16.99.0 0.0.0.255 any
If I apply the Service Policy inbound, it does police the upload to 100Kbps.
If I apply it outbound, it does nothing to the download.
Any reason for this?
I am applying this to an SVI
ThanksHi Guys
Just to update this thread, I figured out where I was going wrong!
As mentioned by Mikael, the ACL only shows traffic one way, hence why it was not applying the service policy to the download.
I have three subnets I want to Police both outbound and inbound so I started with Three ACLs:
access-list 197 permit ip 172.16.97.0 0.0.0.255 any
access-list 197 permit ip any 172.16.97.0 0.0.0.255
access-list 198 permit ip 172.16.98.0 0.0.0.255 any
access-list 198 permit ip any 172.16.98.0 0.0.0.255
access-list 199 permit ip 172.16.99.0 0.0.0.255 any
access-list 199 permit ip any 172.16.99.0 0.0.0.255
I then created the relevant class maps:
class-map match-all vlan998-download
match access-group 198
class-map match-all vlan999-download
match access-group 199
class-map match-all vlan997-download
match access-group 197
class-map match-all vlan998-upload
match access-group 198
class-map match-all vlan999-upload
match access-group 199
class-map match-all vlan997-upload
match access-group 197
Then the service policies:
policy-map download-limit
class vlan997-download
police 2000000
class vlan998-download
police 3000000
class vlan999-download
police 4000000
policy-map upload-limit
class vlan997-upload
police 200000
class vlan998-upload
police 300000
class vlan999-upload
police 400000
Then finally applied those to the relevant SVI:
interface Vlan102
ip vrf forwarding WAN2
ip address 10.20.2.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
service-policy output download-limit
service-policy input upload-limit -
Jdbc connection set source ip address
Hi
Is there any way to specify the local (source) ip address of a jdbc connection ?
I work in an enterprise environment with firewalls all over, and only certain ip addresses can connected to other ip addresses.
The server which runs my application has many ip addresses and
I'd like to be sure that my ip address is the source...
Thanks
Gabor Dolla
Budapest, HungaryNo, certainly not in the JDBC API. I don't believe there's even a way to do this in the java.net Socket API. There's the very slimmest of slim chances that a particular driver might implement something like this, in which case it would be in the driver's documentation. However, the chances are so slim that I'd bet strongly against any driver doing this.
The source address is usually picked by the operating system, based on the routability to the target IP address. Basically, the OS network services looks at the target IP and says to itself, "which (logical) interface can get there? That's the source IP I will use". If your host's routing says there are multiple routes to the IP, then it will pick one; if there's only one route to the particular IP, there will be only one interface (and therefore source IP) that can be chosen.
There's no reason Java or a driver couldn't be extended to do this, but no particular demand either; the problem is usually dealt with at the network layer. -
Tracing TCP Source/Destination Addresses/Ports for ongoing connections
On Solaris 10 U4 through U7, I'm trying the following just to perform basic tracking of TCP source/destination addresses and ports, using code similar to what is available in tcpsnoop_snv and tcptop_snv.
The odd thing is that the addresses/ports appear to be zeroed out - are they being cached outside of the conn_t data structure?
#!/usr/sbin/dtrace -Cs
#pragma D option switchrate=10hz
#pragma D option bufsize=512k
#pragma D option aggsize=512k
#include <sys/file.h>
#include <inet/common.h>
#include <sys/byteorder.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
/* First pass, for all TCP Read/Write actions, collect source/destination
IP + Port - after a few secs, print them all out */
fbt:ip:tcp_send_data:entry
/* Outgoing TCP */
self->connp = (conn_t *)args[0]->tcp_connp;
fbt:ip:tcp_rput_data:entry
/* Incoming TCP */
self->connp = (conn_t *)arg0;
fbt:ip:tcp_send_data:entry,
fbt:ip:tcp_rput_data:entry
/self->connp/
/* fetch ports */
#if defined(_BIG_ENDIAN)
self->lport = self->connp->u_port.tcpu_ports.tcpu_lport;
self->fport = self->connp->u_port.tcpu_ports.tcpu_fport;
#else
self->lport = BSWAP_16(self->connp->u_port.tcpu_ports.tcpu_lport);
self->fport = BSWAP_16(self->connp->u_port.tcpu_ports.tcpu_fport);
#endif
/* fetch IPv4 addresses */
this->fad12 =
(int)self->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[12];
this->fad13 =
(int)self->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[13];
this->fad14 =
(int)self->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[14];
this->fad15 =
(int)self->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[15];
this->lad12 =
(int)self->connp->connua_v6addr.connua_laddr._S6_un._S6_u8[12];
this->lad13 =
(int)self->connp->connua_v6addr.connua_laddr._S6_un._S6_u8[13];
this->lad14 =
(int)self->connp->connua_v6addr.connua_laddr._S6_un._S6_u8[14];
this->lad15 =
(int)self->connp->connua_v6addr.connua_laddr._S6_un._S6_u8[15];
/* At this point, this->{f|l}ad1{2345}->connua_v6addr.connua_{f|l}addr._S6_un.S6_u8
are empty - where is this data? */
}http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.50/command/reference/CmdGrpC.html#wp1139667
portmap [base-port base_number|disable|enable|number-of-ports number|vip-address-range number]
disable
Instructs the CSS to perform Network Address Translation (NAT) only on the source IP addresses and not on the source ports of UDP traffic hitting a particular source group. This option does not affect TCP flows.
For applications with high-numbered assigned ports (for example, SIP and WAP), we recommend that you preserve those port numbers by configuring destination services in source groups. Destination services cause the CSS to NAT the client source ports, but not the destination ports.
Note If you disable flows for a UDP port using the flow-state table and configure the portmap disable command in a source group, traffic for that port that matches on the source group does not successfully traverse the CSS.
The CSS maintains but ignores any base-port or number-of ports (see the options above) values configured in the source group. If you later reenable port mapping for that source group, any configured base-port or number-of ports values will take effect. The default behavior for a configured source group is to NAT both the source IP address and the source port for port numbers greater than 1023.
There is no possibility to disable it for TCP.
We need to source nat the port to guarantee that the server response comes back on the same module/CPU and the internal packet allocation algorithm is based on src and dst ports.µ
Gilles:
Maybe you are looking for
-
Web help is not working in ie11
Hi, I have asp.net application and a adobe robo help 7.I have the WebHelp folder after generate ouput. if run the help help in ie11.. am geeting error at xmldoc.load(). But the same is working in other browser, such as ie 8 and firefox. Thanks & Reg
-
Function module for getting Vendor Address details
Hi, Im new to this group,and new to ABAP plz hep me out by solving ABAP Query... i want to generate a report for getting Vendor Details like Vendor address,Ph num and Email input fields are Company code,country key and Account Group. im Using Smart F
-
Installation Directory BO/InstallData/InstallCache/ needs a lot of space
HI together, maybe someone of you know a solution? We have installed a BO4.0 Enterprise Server, and we installed a lot of patches since now. The installation directory (BO/InstallData/InstallCache/) needs now a lot of space. Is it possible to reorgan
-
Java Proxies from PI 7.0 to PI 7.1
HI Friends, I have inbound java proxies and java mappings involved in my interface flow. we are migrating from PI 7.0 to PI 7.1. Can any one please suggest if any things need to be done to migrate from 7.0 to 7.1. i mean any code changes or any libra
-
WSDL to ABAP in 620 versus WSDL to ABAP in 640
Can I say that <b>If WAS 640:</b> Then its pretty staigtforward to convert the WSDL to ABAP via proxy object generation but <b>If WAS 620</b>: Then we need to write code in XSLT which will parse the WSDL to build the SOAP message and then the output