Server Fault Asked on February 23, 2021
How can I configure apache so that it refuses connections coming directly to the IP address (http://xxx.xxx.xxx.xxx) instead of the vhost name http://example.com?
My VirtualHost configuration:
ServerName example.com
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/
<Directory /var/www/>
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
You cannot have it refuse connections, since the hostname (or IP) that the user is trying to use as their HTTP host is not known to the server until the client actually sends an HTTP request. The TCP listener is always bound to the IP address.
Would an HTTP error response be acceptable instead?
<VirtualHost *:80>
ServerName catchall
<Location />
Order allow,deny
Deny from all
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/
<Directory /var/www/>
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
Correct answer by Shane Madden on February 23, 2021
<VirtualHost *:80>
ServerName xxx.xxx.xxx.xxx #your server web server IP
<Location />
Order deny,allow
Deny from all
</Location>
</VirtualHost>
This is will Forbidden access for accessing by IP
Answered by BongSey on February 23, 2021
A clean way to handle this is with a RewriteRule as follows
<If "%{HTTP_HOST} == 'x.x.x.x'">
RewriteRule ^.*$ http://www.example.com/$1 [L]
</If>
Answered by Chuck Replogle on February 23, 2021
You Have to go to lower layer it only comes to my mind in the firewall chain having a validation check for the REQUEST HOST & what you have with Apache this will allow the package to be ignored or dropped
Answered by Chaddy on February 23, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP