Make Apache server only accept requests to domain rather than IP
You can add a default virtual host that just gives a "denied" error, or whatever. When a browser then comes to your webserver without a host in the URL that matches any ServerName
or ServerAlias
lines in other virtual hosts will be served by the default virtual host.
So in your apache config:
<VirtualHost *:80>
ServerName default
DocumentRoot /var/www/default
...
</VirtualHost>
<VirtualHost *:80>
ServerName mywebsite.com
...
</VirtualHost>
You can use Alias *
to catch any other trafic than thoose allowed in your virtual host, for this you have to use in the last position a virtual host with *
as alias.
Like that only defined domain will be served.
<VirtualHost *:80>
ServerName mywebsite.com
DocumentRoot /var/www/default
...
</VirtualHost>
<VirtualHost *:80>
ServerName another.mywebsite.com
DocumentRoot /var/www/another
...
</VirtualHost>
# /!\ THIS HAS TO BE ON THE LAST POSITION /!\
<VirtualHost *:80 *:443>
# [ Server Domain ]
ServerName localhost
ServerAlias *
# [ Cancel trafic ]
RewriteRule .* - [END,R=406]
# [ Custom Log ]
CustomLog ${APACHE_LOG_DIR}/other.log combined
</VirtualHost>
In my example only mywebsite.com & another.mywebsite.com will be allowed, all other domains or IP will have trafic cancelled.
To cancel the trafic you can use a redirect to -
and then add an error code, for example i used a RewriteRule to redirect to 406 Not Acceptable (R=406
).
Here you can find the list of redirect codes: https://fr.wikipedia.org/wiki/Liste_des_codes_HTTP