MOD REMAP

Screen Shot 2017-06-29 at 8.54.01 AM

nano /etc/apache2/sites-available/ip-whitelist-test.conf

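<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName ip-whitelist-test.lo.com
    # ServerAlias takes bare host names. With an "http://" prefix the alias
    # can never match the Host header of a request.
    ServerAlias www.ip-whitelist-test.lo.com
    DocumentRoot /var/www/ip-whitelist-test

    # NOTE(review): there is no Require directive in this section, so access
    # to paths outside the document root depends on the server-wide
    # configuration (for example "Require all denied" on / in the main
    # config). Confirm that default is in place.
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory /var/www/ip-whitelist-test/>
        Options -Indexes +FollowSymLinks -MultiViews
        # AllowOverride All lets any .htaccess file under the document root
        # change configuration; narrow it if the site does not need that.
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog /var/log/apache2/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    # LogLevel debug rewrite:trace3
    CustomLog /var/log/apache2/access.log combined

    # NOTE(review): the IP filter below is the only access control on this
    # site. Because it sits inside <IfModule>, a server without mod_rewrite
    # loaded starts normally and serves the site to everyone. Dropping the
    # <IfModule> wrapper would turn that into a startup error instead.
    <IfModule mod_rewrite.c>
        RewriteEngine On

        ## Allowing only whitelisted IPS ##
        # External map program: httpd starts it once at server start and, by
        # default, runs it as the user that started httpd (usually root).
        # RewriteMap accepts a third "user:group" argument to run it under an
        # unprivileged account. The script and its directory should be
        # writable by root only. All lookups go through this single process,
        # so a slow answer from it delays every request.
        # NOTE(review): the program presumably has to be executable with an
        # interpreter line; the script listing on this page shows none.
        RewriteMap ip_color "prg:/usr/local/bin/get_ip_color.py TEST123"
        # REMOTE_ADDR is the directly connected peer. Behind a reverse proxy
        # or load balancer it is the proxy's address unless the client
        # address is restored from trusted proxies only (mod_remoteip).
        RewriteCond %{REMOTE_ADDR} ^(.*)$
        # "|black" is the default when the map returns nothing, so a failed
        # lookup is treated as not whitelisted.
        RewriteCond ${ip_color:%1|black} ^black$ [NC]
        # "-" means no substitution; [F] answers 403 Forbidden.
        RewriteRule (.*) - [F]
        ## End - Allowing only whitelisted IPS ###
    </IfModule>
</VirtualHost>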

 

/usr/local/bin/get_ip_color.py

#

# The script must be called with the app_code argument after the script name, e.g.

# $ python get_ip_color.py some_app_code

#

import sys

import requests

import argparse

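# Base URL of the firewall API and the path template for the whitelist
# lookup; %s is replaced with the application code.
api_domain = 'https://firewall.lo.com/api/'
api_endpoint_template = 'v1/ip/whitelist/findByApp?appCode=%s'
# HTTP basic-auth credentials for the API, left blank in this listing.
# Keep real values out of the script itself: load them from a file or
# environment readable only by the account the map program runs as.
api_username = ''
api_password = ''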

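def get_whitelisted_ips(app_code):
  """Fetch the whitelist for app_code from the firewall API.

  Returns the decoded JSON document the API answers with (get_color expects
  a list of IP strings). Returns get_default_ips() when the request fails,
  times out, answers with an HTTP error status or does not carry JSON.
  """
  try:
    api_endpoint = api_endpoint_template % app_code
    # Every lookup from Apache passes through this one process, so a request
    # that never returns would stall the whole site. The 5 second limit is an
    # assumed value; tune it for the API.
    # requests verifies the TLS certificate by default; keep it that way,
    # since the answer decides who gets access and credentials are sent.
    response = requests.get(api_domain + api_endpoint,
                            auth=(api_username, api_password),
                            timeout=5)
    # Treat 4xx/5xx as a failure instead of parsing an error body.
    response.raise_for_status()
    return response.json()
  except Exception:
    # Fail closed: with the default (empty) list every client is classed
    # 'black'. The failure is silent, so an API outage shows up only as 403s.
    # Catching Exception rather than everything lets SystemExit and
    # KeyboardInterrupt still stop the process.
    return get_default_ips()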

def get_default_ips():
  """Return the fallback whitelist: a new empty list, i.e. no address is allowed."""
  fallback = list()
  return fallback

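def get_color(ip, app_code):
  """Classify ip for the given application.

  Returns 'white' when ip is an element of the whitelist fetched for
  app_code, otherwise 'black'. Any API answer that is not a list is replaced
  by get_default_ips(), so a malformed answer blocks rather than allows.
  """
  ips = get_whitelisted_ips(app_code)
  if not isinstance(ips, list):
    ips = get_default_ips()
  # Exact string comparison: the API entries must use the same textual form
  # of the address that Apache passes in.
  if ip in ips:
    return 'white'
  else:
    return 'black'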

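parser = argparse.ArgumentParser()
parser.add_argument("app_code", help="Application Code - required argument used to fetch only IPs which belong to certain application")
args = parser.parse_args()

# Map-program protocol: read one lookup key (the client IP) per line on
# stdin and answer with exactly one line on stdout, flushed immediately so
# the web server is not left waiting on a buffered reply.
while True:
  line = sys.stdin.readline()
  if not line:
    # EOF: the parent closed the pipe. Without this check readline() keeps
    # returning '' and the loop spins, calling the API on every pass.
    break
  ip = line.strip()
  color = get_color(ip, args.app_code)
  sys.stdout.write(color + '\n')
  sys.stdout.flush()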

 
