One thing you could do is to run an instance of Apache on a high port, and put in a redirect rule to forward the blocked IPs to localhost on the high port. So, for example, if your new Apache is on 8081:

    rdr on $ext_if proto tcp from <blocked> to any port 80 -> 127.0.0.1/32 port 8081

Provided you have a webserver with your error page running there, this should forward web traffic from the blocked table to the new Apache running on port 8081.

On 12/7/05, Webcharge <[EMAIL PROTECTED]> wrote:
> Hello,
>
> The error log of our webserver is parsed for vulnerability scanning IPs and
> once caught they get blocked by PF.
> I've included various common scriptnames that are exploitable but was
> recently presented with a problem where one of our
> users locked himself out by installing (and browsing) to such a scriptname.
> Obviously they thought the server was down,
> resulting in panic, phone calls and angry faces...
>
> Therefore I would like to be able to present IP addresses from a certain
> table with a special page stating they have
> been blocked because of scanning and they should get in contact to get
> unblocked.
>
> My current setup is a single NIC machine with multiple real IP addresses
> attached.
> I was wondering if I could assign one IP address as the warning page setup
> (VirtualHost in Apache) and rdr to that?
> Or would this create a loop?
> Because this is a live server and I am not very experienced with PF I am
> reluctant to experiment and thought I'd ask first.
>
> Any other suggestions to solve this problem are also more than welcome.
>
> Thank you in advance,
>
> Matt
>
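Here is a fuller pf.conf fragment, added as an example and not taken from either poster, showing the redirect together with the table definition and the filter rules around it. It follows the same pattern OpenBSD's spamd documentation uses to redirect SMTP from a table to a loopback listener, in the pre-4.7 rdr syntax the thread uses. The interface name fxp0, port 8081 and the table contents are assumptions for the example.

```pf
# Added example (not from the thread): send HTTP from hosts in <blocked>
# to a local "you have been blocked" site instead of dropping it.
# Syntax is the pre-OpenBSD-4.7 rdr form; fxp0 and 8081 are assumed values.
ext_if = "fxp0"                       # assumed external interface name

# Table filled by the log-parsing job (e.g. pfctl -t blocked -T add <ip>);
# "persist" keeps the table defined even when it is empty.
table <blocked> persist

# Never filter loopback, so the redirected connection can reach the
# Apache instance bound to 127.0.0.1:8081.
set skip on lo0

# Rewrite the destination of HTTP connections from blocked hosts to the
# local warning site. No loop is possible: the new destination is the
# loopback address, not one of the public IPs that the block applies to.
# "pass" lets the redirected packets through without hitting the filter.
rdr pass on $ext_if inet proto tcp from <blocked> to any port 80 \
    -> 127.0.0.1 port 8081

# Every other packet from a blocked host is still dropped.
block in quick on $ext_if from <blocked> to any

# Normal web traffic for everyone else.
pass in on $ext_if inet proto tcp from any to any port 80 flags S/SA keep state
```

The warning Apache should be bound only to loopback (Listen 127.0.0.1:8081 in its httpd.conf) so that it is never reachable directly from the outside; the rdr rule is the only path to it. Only port 80 is redirected, so a blocked host trying anything else still sees the block rule. On OpenBSD 4.7 and later the same thing is written as a match rule with rdr-to rather than a separate rdr line.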
