Make Apache server only accept requests to domain rather than IP

You can add a default virtual host that just gives a "denied" error, or whatever. When a browser then comes to your webserver without a host in the URL that matches any ServerName or ServerAlias lines in other virtual hosts will be served by the default virtual host.

So in your apache config:

<VirtualHost *:80>
    ServerName default
    DocumentRoot /var/www/default
    ...
</VirtualHost>

<VirtualHost *:80>
    ServerName mywebsite.com
    ...
</VirtualHost>

You can use Alias * to catch any other trafic than thoose allowed in your virtual host, for this you have to use in the last position a virtual host with * as alias.

Like that only defined domain will be served.

<VirtualHost *:80>
ServerName mywebsite.com
DocumentRoot /var/www/default
...
</VirtualHost>

<VirtualHost *:80>
ServerName another.mywebsite.com
DocumentRoot /var/www/another
...
</VirtualHost>

# /!\ THIS HAS TO BE ON THE LAST POSITION /!\
<VirtualHost *:80 *:443>
# [ Server Domain ]
ServerName localhost
ServerAlias *
# [ Cancel trafic ]
RewriteRule .* - [END,R=406]
# [ Custom Log ]
CustomLog ${APACHE_LOG_DIR}/other.log combined
</VirtualHost>

In my example only mywebsite.com & another.mywebsite.com will be allowed, all other domains or IP will have trafic cancelled.

To cancel the trafic you can use a redirect to - and then add an error code, for example i used a RewriteRule to redirect to 406 Not Acceptable (R=406).

Here you can find the list of redirect codes: https://fr.wikipedia.org/wiki/Liste_des_codes_HTTP

Tags:

Centos

Apache 2.2

Recent Posts