Honeypots mailing list archives

Honeypot webserver question


From: ChayoteMu <chayotemu () gmail com>
Date: Sun, 3 Jul 2005 18:20:10 -0700

I tried to google info on this question but couldn't find anything
specific to what I'm after so I'm sending this out to the list. Thanks
in advance for any responses.
Question:
Is it possible to run a web server on a honeypot that will serve the
pages and work as a regular server except with the extras of being a
honeypot, i.e. logging and prevention measures? I'm asking because I had
an idea for a pair of webservers behind an IDS/Firewall. Regular
traffic goes to the primary web server but suspicious traffic gets
dumped onto the honeypot server. This lets false positives view the
site but not have access to any other services (FTP or anything else
on the real server) and gives a good idea of what they'd try to do to
the clean server so you could catch 0-days and such. And if you're
bored you can update the honeyserver semi-regularly to get all the new
goodies on there for attackers to go after (with some changes
obviously). I know you can emulate web servers with various methods
but I'm curious if there's somebody/group doing that now or a tool
anyone knows of for it.

-- 
"To catch a thief, think like a thief. To catch a master thief, be a
master thief."
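
The routing idea described in the post above, sketched as an added example that is not part of the original message: a front-end decision function that sends a client to the honeypot once any of its requests looks suspicious and keeps it there, so the diverted client sees one consistent server. The backend addresses, the signature list, the `Router` class and the sample requests are all constructed assumptions.

```python
import re
from urllib.parse import unquote

# Assumed backend addresses (placeholders, not from the original post).
PRIMARY = "10.0.0.10:80"
HONEYPOT = "10.0.0.20:80"

# Constructed, deliberately small signature set standing in for the IDS verdict.
SUSPICIOUS = [
    re.compile(r"\.\./"),                      # directory traversal
    re.compile(r"(?i)cmd\.exe|/etc/passwd"),   # well-known probe targets
    re.compile(r"(?i)union\s+select"),         # SQL injection probe
    re.compile(r"(?i)<script"),                # reflected XSS probe
]

class Router:
    """Chooses a backend per request; a flagged client stays on the honeypot."""

    def __init__(self):
        self.flagged = set()   # client IPs already diverted
        self.log = []          # (ip, request_line, backend) for later review

    def is_suspicious(self, request_line):
        # Decode twice so double-encoded payloads (%252e%252e) are also seen.
        decoded = unquote(unquote(request_line))
        return any(p.search(decoded) for p in SUSPICIOUS)

    def route(self, ip, request_line):
        if ip in self.flagged or self.is_suspicious(request_line):
            self.flagged.add(ip)
            backend = HONEYPOT
        else:
            backend = PRIMARY
        self.log.append((ip, request_line, backend))
        return backend

# Constructed sample traffic (documentation-range IPs).
SAMPLE = [
    ("192.0.2.7", "GET /index.html HTTP/1.0"),
    ("198.51.100.9", "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0"),
    ("198.51.100.9", "GET /index.html HTTP/1.0"),
    ("192.0.2.7", "GET /search?q=honeypot HTTP/1.0"),
]

def replay(sample=SAMPLE):
    router = Router()
    return [router.route(ip, line) for ip, line in sample]

if __name__ == "__main__":
    for (ip, line), backend in zip(SAMPLE, replay()):
        print(f"{ip:15} -> {backend}  {line}")
```

The third sample request is benign on its own but still lands on the honeypot because its source was flagged by the second request; a false positive therefore keeps seeing the site, served from the honeypot copy.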

