Limiting Access to IBM Connections for Maintenance Work
Martin Leyrer July 11 2018 09:09:25
connections mod_rewrite ic ic6 apache load_balancer ihs loadbalancer lb
The IBM Knowledge Center has a nice chapter on "Informing users of a migration or update". You basically redirect everyone to a static maintenance page unless they arrive from a certain IP address (so you as an administrator can still work):
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine on
# Dots are escaped and the addresses anchored so that only the exact IP matches
RewriteCond %{REMOTE_HOST} !^127\.0\.0\.1$
RewriteCond %{REMOTE_HOST} !^192\.168\.157\.139$
RewriteCond %{REMOTE_HOST} !^192\.168\.157\.140$
RewriteRule !^/upgrading\.htm$ /upgrading.htm [L,R=500]
ErrorDocument 500 /upgrading.htm
Unfortunately, in a current customer project, that did not work for me, because
- it blocked the health check from the Load Balancer (LB) in front of Connections as well, which resulted in the requests not getting forwarded to the IHS
- "%{REMOTE_HOST}" was always the IP of the load balancer
So I had to modify the statement a little bit:
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine on
RewriteCond %{REMOTE_HOST} !^127\.0\.0\.1$
# Allow traffic from the health check host, i.e. the load balancer ...
RewriteCond %{REMOTE_HOST} !^10\.1\.1\.22$
RewriteCond %{REMOTE_HOST} !^10\.1\.1\.21$
# Check the "X-Forwarded-For" HTTP header for the original IP of the requester
# and block if it is not one of the allowed IPs (add more lines for more IPs).
# Dots are escaped so that they only match a literal "."
RewriteCond %{HTTP:X-Forwarded-For} !^192\.168\.157\.139
RewriteCond %{HTTP:X-Forwarded-For} !^192\.168\.157\.140
RewriteRule !^/upgrading\.htm$ /upgrading.htm [L,R=500]
ErrorDocument 500 /upgrading.htm
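Added example (not from the original post): the `X-Forwarded-For` conditions above match the start of the header, while a load balancer that appends to an existing header puts the address it actually saw last, so this script replays constructed requests against the prefix-style conditions and against a variant anchored on the last entry. Assumptions: the LB appends rather than overwrites the header, forwarded traffic reaches the IHS from the made-up address 10.1.1.30, and all function and variable names are illustrative.

```python
import re

# The conditions of the modified rule above, with dots escaped and
# REMOTE_HOST anchored. mod_rewrite ANDs consecutive RewriteCond lines and
# "!" negates, so the redirect fires only when NONE of these patterns matches.
PREFIX_RULE = [
    ("REMOTE_HOST", r"^127\.0\.0\.1$"),
    ("REMOTE_HOST", r"^10\.1\.1\.22$"),
    ("REMOTE_HOST", r"^10\.1\.1\.21$"),
    ("XFF", r"^192\.168\.157\.139"),
    ("XFF", r"^192\.168\.157\.140"),
]

# Assumed variant: accept an allowlisted address only as the LAST entry of
# the header, i.e. the one appended by the load balancer itself.
LAST_HOP_RULE = PREFIX_RULE[:3] + [
    ("XFF", r"(^|,\s*)192\.168\.157\.139$"),
    ("XFF", r"(^|,\s*)192\.168\.157\.140$"),
]

# Constructed requests: name -> (REMOTE_HOST, X-Forwarded-For as seen by IHS)
SAMPLES = {
    "admin, single entry": ("10.1.1.30", "192.168.157.139"),
    "regular user": ("10.1.1.30", "203.0.113.7"),
    "LB health check": ("10.1.1.22", ""),
    "chain ending in allowlisted IP": ("10.1.1.30", "172.16.0.5, 192.168.157.140"),
    "chain starting with allowlisted IP": ("10.1.1.30", "192.168.157.139, 203.0.113.7"),
}


def gets_maintenance_page(rule, remote_host, xff):
    """True if the RewriteRule fires, i.e. no allowlist pattern matches."""
    values = {"REMOTE_HOST": remote_host, "XFF": xff}
    return all(re.search(pattern, values[var]) is None for var, pattern in rule)


def report(rule):
    """Map each sample name to whether it is sent to /upgrading.htm."""
    return {name: gets_maintenance_page(rule, *req) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    prefix, last_hop = report(PREFIX_RULE), report(LAST_HOP_RULE)
    for name in SAMPLES:
        print(f"{name:36} prefix={prefix[name]!s:5} last-entry={last_hop[name]!s:5}")
```

The `LAST_HOP_RULE` patterns can be used unchanged as `RewriteCond %{HTTP:X-Forwarded-For}` patterns; if the LB is configured to overwrite the header instead of appending, a fully anchored `^...$` pattern is enough.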