Letting people know the web server is off line

Today I took down my new webserver in order to add three new donated SCSI drives. I was also able to let everyone know that the websites were offline and when they could expect them to be back. And it was far easier than I expected. The solution may not apply to everyone, but at least you’ll know how such things can be done and perhaps it will be applicable to other situations you may encounter.
The situation

I’m running a small network. It has a gateway (FreeBSD 4.0-S and ip filter), a webserver (FreeBSD 4.0-S, Apache), and some workstations (NT). The key to the solution is that the webserver is on its own box. The gateway also has a web server, which is mostly unused. Incoming http requests (on port 80) are redirected from the gateway box to the webserver via ipnat rules. This is done with a rule like this:
rdr ed0 192.168.1.1/32 port 80 -> 10.0.0.1 port 80 tcp
where 192.168.1.1 is the IP address at which incoming requests reach my gateway and 10.0.0.1 is the address of my webserver. Quite simply, all requests reaching my gateway on port 80 are redirected to my webserver at 10.0.0.1.
The solution

So, what did I do to let everyone know the website was down? Well, first I created a little website containing a single page saying "Sorry, but our websites are down, but we’ll be back at <insert time here>". I put this website on the gateway, which already had http installed. This website was the default website for this server.
The following command removes the above redirect. See man ipnat for more detail.
echo "rdr ed0 192.168.1.1/32 port 80 -> 10.0.0.1 port 80 tcp" \
    | ipnat -r -f -
That was it. The switch was thrown. All incoming requests for my websites were met by Apache running on my gateway. I could now take down my real webserver in the knowledge that people would know that my site was down and not be met with some unpleasant message. It’s also better for public relations.
When it was time to bring the webserver back online, I issued this command:
echo "rdr ed0 192.168.1.1/32 port 80 -> 10.0.0.1 port 80 tcp" \
    | ipnat -f -
As you can see, the only difference is the "-r" flag.
I also used this flag in using rule groups for blocking IP blocks.
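
The switch described above can be wrapped in a script that also confirms the redirect really was removed or restored. This is an added example, not part of the original article. The function names are hypothetical, and it assumes that `ipnat -l` lists loaded rules in the same syntax they were loaded with.

```shell
#!/bin/sh
# Added example: toggle the article's port-80 redirect and verify the result.
# RULE is the rule text from the article; the function names are hypothetical.
RULE='rdr ed0 192.168.1.1/32 port 80 -> 10.0.0.1 port 80 tcp'

# True if the loaded NAT rule list still contains the redirect.
# Assumption: `ipnat -l` prints rules in the syntax they were loaded with,
# so runs of blanks are squeezed and the rule text is matched literally.
redirect_active() {
    ipnat -l | tr -s ' \t' ' ' | grep -F -q -- "$RULE"
}

# Maintenance on: remove the redirect so the gateway's own web server,
# with its "we are down" page, answers port 80.
maintenance_on() {
    if redirect_active; then
        echo "$RULE" | ipnat -r -f - || return 1
    fi
    if redirect_active; then
        echo "redirect is still loaded" >&2
        return 1
    fi
}

# Maintenance off: load the redirect again, only if it is absent,
# so the command is safe to run twice.
maintenance_off() {
    if ! redirect_active; then
        echo "$RULE" | ipnat -f - || return 1
    fi
    redirect_active || { echo "redirect is not loaded" >&2; return 1; }
}

case "${1:-}" in
    on)  maintenance_on ;;
    off) maintenance_off ;;
    status)
        if redirect_active; then
            echo "normal: port 80 is redirected to 10.0.0.1"
        else
            echo "maintenance: the gateway answers port 80 itself"
        fi ;;
esac
```

Run it as root on the gateway with `on`, `off` or `status`. While the redirect is removed, the gateway's own web server is what the outside world reaches on port 80, so `status` is worth checking after the real webserver is back up.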