Letting people know the web server is off line
Today I took down my new webserver in
order to add three new donated SCSI drives. I was also able to let everyone know
that their websites were offline and when they could expect them to be back. And it
was far easier than I expected. The solution may not apply to everyone, but at least
you’ll know how such things can be done and perhaps it will be applicable to other
situations you may encounter.
I’m running a small network. It has a gateway (FreeBSD 4.0-S and ip filter),
a webserver (FreeBSD 4.0-S, Apache), and some workstations
(NT). The key to the solution is that the webserver is on its own box. The
gateway also has a web server, which is mostly unused. Incoming http requests (on
port 80) are redirected from the gateway box to the webserver via ipnat
rules. This is done with a rule like this:
rdr ed0 192.168.1.1/32 port 80 -> 10.0.0.1 port 80 tcp
where 192.168.1.1 is the IP address at which incoming requests reach my gateway and
10.0.0.1 is the address of my webserver. Quite simply, all requests reaching my
gateway on port 80 are redirected to my webserver at 10.0.0.1.
So, what did I do to let everyone know the website was down? Well, first I
created a little website containing a single page saying "Sorry, but our websites are
down, but we’ll be back at <insert time here>". I put this website on the
gateway, which already had http installed. This website was the default website for
The following command removes the above redirect. See man ipnat
for more detail.
echo "rdr ed0 192.168.1.1/32 port 80 -> 10.0.0.1 port 80 tcp" | ipnat -r -f -
That was it. The switch was thrown. All incoming requests for my websites
were met by Apache running on my gateway. I could now take down my real webserver in
the knowledge that people would know that my site was down and not be met with some
unpleasant message. It’s also better for public relations.
When it was time to bring the webserver back online, I issued this command:
echo "rdr ed0 192.168.1.1/32 port 80 -> 10.0.0.1 port 80 tcp" | ipnat -f -
As you can see, the only difference is the "-r" flag.
I also used this flag in using rule groups for
blocking IP blocks.
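
The two commands above wrapped into one script, as an added example that is not part of the original article: it removes or restores the article's rdr rule only when needed and re-reads `ipnat -l` to confirm the change took effect. The script name maint.sh, the function names and the `ipnat -l` output pattern are assumptions.

```shell
#!/bin/sh
# Added example, not from the article: maintenance toggle around its rdr rule.
# IPNAT may be overridden with a stub for testing; default is the real ipnat.
IPNAT=${IPNAT:-ipnat}
RULE='rdr ed0 192.168.1.1/32 port 80 -> 10.0.0.1 port 80 tcp'  # rule from the article

# Succeeds if the redirect is in the active rule list.
# Assumption: `ipnat -l` prints the rule beginning "rdr ed0" and containing
# "port 80 -> 10.0.0.1"; adjust the pattern to your version's output.
redirect_loaded() {
    $IPNAT -l 2>/dev/null | grep -q '^rdr ed0 .*port 80 -> 10\.0\.0\.1'
}

# Remove the redirect so the gateway's own web server answers port 80.
site_down() {
    if ! redirect_loaded; then
        echo "redirect already absent; nothing to do" >&2
        return 0
    fi
    echo "$RULE" | $IPNAT -r -f - || return 1
    # Confirm the removal took effect before powering off the web server.
    if redirect_loaded; then
        echo "redirect still loaded after removal" >&2
        return 1
    fi
}

# Restore the redirect, without loading it a second time.
site_up() {
    if redirect_loaded; then
        echo "redirect already loaded; nothing to do" >&2
        return 0
    fi
    echo "$RULE" | $IPNAT -f - || return 1
    redirect_loaded || { echo "redirect missing after load" >&2; return 1; }
}

site_status() {
    if redirect_loaded; then echo "up: port 80 -> 10.0.0.1"
    else echo "down: gateway web server answers port 80"; fi
}

# Dispatch only when called with an argument: sh maint.sh down|up|status
case "${1:-}" in
    down)   site_down ;;
    up)     site_up ;;
    status) site_status ;;
esac
```

While the site is "down", the gateway's own web server is what the outside world reaches on port 80, so it should serve nothing but the maintenance page.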