Is there a way to match VLAN IDs and redirect such HTTP traffic to a web server (?? iptables)? And, once at the web server, rewrite the URL according to the VLAN ID?
I would need such a thing because our network implements a number of VLANs with 802.1x and we would like to show some "banned" users specific web pages.
Thanks for any ideas and insights,
Regards,
If your vlans and your ip addressing follow similar boundaries, then I think it might be easiest to use the ip addresses to control the access.
For example: vlan 100 = 10.100.x.y, vlan 101 = 10.101.x.y
or even: vlan 100 = 10.100.x.[100-119], vlan 101 = 10.100.x.[120-140]
Web servers don't have access to the vlan id from the packet.
You'd then need to craft your web server rules to do things based on the client ip.
==== EDITED: What about just rewriting the dst IP address from the specific VLANs to an extra interface that can do the layer7 rewriting that you want done? It should be invisible to the end user (as long as that filter stays up). Using iptables to modify layer7 data seems expensive.
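
The client-IP approach from the answer above, as an added example that is not part of the original posts: it maps the connecting address to a VLAN under both addressing schemes the answer mentions and picks the page to serve. The page paths, the choice of VLAN 101 as the "banned" VLAN, and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample rules following the two addressing schemes in the answer.
# Scheme A: one /16 per VLAN. Scheme B: last-octet ranges inside 10.100.0.0/16.
SCHEME_A = [
    ("10.100.0.0/16", None, 100),
    ("10.101.0.0/16", None, 101),
]
SCHEME_B = [
    ("10.100.0.0/16", (100, 119), 100),
    ("10.100.0.0/16", (120, 140), 101),
]

# Hypothetical page paths; VLAN 101 is assumed to be the "banned" VLAN.
PAGES = {100: "/index.html", 101: "/banned.html"}
DEFAULT_PAGE = "/unknown.html"


def vlan_for_ip(client_ip, rules):
    """Return the VLAN id inferred from the client address, or None."""
    try:
        addr = ipaddress.IPv4Address(client_ip)
    except ipaddress.AddressValueError:
        return None  # malformed or non-IPv4 input never matches a VLAN
    last_octet = addr.packed[3]
    for cidr, octet_range, vlan in rules:
        if addr not in ipaddress.ip_network(cidr):
            continue
        if octet_range is None or octet_range[0] <= last_octet <= octet_range[1]:
            return vlan
    return None


def page_for_client(peer_ip, rules):
    """Pick the page to serve. peer_ip must be the TCP peer address seen by
    the server, not a client-supplied header such as X-Forwarded-For."""
    return PAGES.get(vlan_for_ip(peer_ip, rules), DEFAULT_PAGE)
```

Addresses that fall outside every rule get the default page rather than the page of any particular VLAN, so a gap in the rule table does not silently treat an unknown client as a normal user.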