Hello,

The error log of our webserver is parsed for vulnerability-scanning IPs, and once caught they get blocked by PF. I've included various common script names that are exploitable, but was recently presented with a problem where one of our users locked himself out by installing (and browsing to) such a script name. Obviously they thought the server was down, resulting in panic, phone calls and angry faces...

Therefore I would like to be able to present IP addresses from a certain table with a special page stating they have been blocked because of scanning and they should get in contact to get unblocked.

My current setup is a single-NIC machine with multiple real IP addresses attached. I was wondering if I could assign one IP address as the warning page setup (VirtualHost in Apache) and rdr to that? Or would this create a loop?

Because this is a live server and I am not very experienced with PF, I am reluctant to experiment and thought I'd ask first. Any other suggestions to solve this problem are also more than welcome.

Thank you in advance,
Matt
