3

I own a dedicated CentOS box that uses lighttpd to serve www.newdomain.com. However, the same IP used to host an old domain, www.olddomain.com.

The box still gets requests for www.olddomain.com.

What's the most effective way to block those requests?

  • Through an iptables rule
  • By a rule in lighttpd
  • Adding a hosts.deny
  • Another option that I haven't thought of

Note: I do not have access to the name servers or the domain records of www.olddomain.com

j0k
Iraklis

5 Answers

5

Create a virtual host for the old domain with an empty directory as the root (which will just serve 404s).

mgorven
3

Use the iptables string module. Although this is not the most recommended way of doing it, you might need to consider it, as you seem interested in blocking it completely. The string module requires a Linux kernel >= 2.6.14.

The rule would be like this:

/sbin/iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string "www.olddomain.com" -j DROP

But remember, this might end up blocking legitimate traffic. You have to confirm that your old domain does not appear in any of the URL requests for all the sites on your domain.

Daniel t.
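What `-m string` actually matches, as an added example that is not part of the answer above. The domain names are the ones from the question; the sample requests, the sample access-log lines and the log format (lighttpd's default `accesslog.format`, where the second field `%V` is the server name) are constructed assumptions. The script reproduces the module's fixed-string search with `grep -F`, shows that a request for www.newdomain.com that merely carries a Referer from the old site is dropped by the rule as written while a variant anchored on the `Host:` header line lets it through, and counts, from an access log, how many legitimate requests the rule would have cost you, which is the check the last paragraph asks for.

```shell
#!/bin/sh
# Added example, not from the answer above.  xt_string is a plain substring
# search over each packet's payload: --string "www.olddomain.com" also hits
# requests for www.newdomain.com that merely mention the old name (Referer,
# query string, POST body).  Everything below is reproduced offline with grep.
set -eu

OLD=www.olddomain.com      # names from the question
NEW=www.newdomain.com

# make_samples DIR: three constructed HTTP/1.1 requests, one per file.
make_samples() {
    printf 'GET / HTTP/1.1\r\nHost: %s\r\n\r\n' "$OLD" > "$1/old.req"
    printf 'GET / HTTP/1.1\r\nHost: %s\r\n\r\n' "$NEW" > "$1/new.req"
    printf 'GET /links HTTP/1.1\r\nHost: %s\r\nReferer: http://%s/\r\n\r\n' \
        "$NEW" "$OLD" > "$1/new-referer.req"
}

# verdict RULE FILE: print DROP or PASS for one request.  RULE is
#   string  the answer's rule, --string "www.olddomain.com" (substring anywhere)
#   host    an anchored variant, --hex-string "|0d0a|Host: www.olddomain.com|0d0a|"
# grep -F is the same fixed-string search; -i stands in for the module's --icase,
# since HTTP header names and host names are case-insensitive.
verdict() {
    case $1 in
    string) pat=$OLD ;;
    host)   pat=$(printf 'Host: %s\r' "$OLD") ;;   # grep is line-based: no leading CRLF
    *)      echo "verdict: unknown rule '$1'" >&2; return 2 ;;
    esac
    if grep -qiF -- "$pat" "$2"; then echo DROP; else echo PASS; fi
}

# legit_mentions LOGFILE: lines served for the NEW host that contain the old name
# anywhere.  Each one is a legitimate request the string rule would have killed.
# Assumes lighttpd's default accesslog.format, where field 2 (%V) is the server name.
legit_mentions() {
    awk -v new="$NEW" -v old="$OLD" \
        '$2 == new && index($0, old) > 0 { n++ } END { print n + 0 }' "$1"
}

# make_log FILE: constructed access-log lines in that format.
make_log() {
    cat > "$1" <<'EOF'
203.0.113.5 www.newdomain.com - [04/Mar/2013:21:54:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.6 www.newdomain.com - [04/Mar/2013:21:55:10 +0000] "GET /links HTTP/1.1" 200 900 "http://www.olddomain.com/" "Mozilla/5.0"
203.0.113.7 www.olddomain.com - [04/Mar/2013:21:56:20 +0000] "GET / HTTP/1.1" 404 345 "-" "curl/7.29.0"
EOF
}

# install_host_rule: the anchored rule on the real box (needs root; not run here).
# REJECT with a reset closes the connection at once, whereas DROP leaves the
# client retransmitting until it times out.  xt_string inspects one packet at
# a time, so a request whose headers straddle two segments can slip past it.
install_host_rule() {
    iptables -I INPUT -p tcp --dport 80 -m string --algo bm --icase \
        --hex-string "|0d0a|Host: $OLD|0d0a|" -j REJECT --reject-with tcp-reset
}

# demo: run the comparison on the constructed data.
demo() {
    d=$(mktemp -d)
    make_samples "$d"
    for r in old new new-referer; do
        printf '%-14s string:%s  host:%s\n' "$r" \
            "$(verdict string "$d/$r.req")" "$(verdict host "$d/$r.req")"
    done
    make_log "$d/access.log"
    printf 'legitimate requests the string rule would drop: %s\n' \
        "$(legit_mentions "$d/access.log")"
    rm -rf "$d"
}

case ${1:-} in demo) demo ;; esac
```

Run it with `sh string-check.sh demo`: the old-domain request is dropped by both rules, the clean new-domain request passes both, and the new-domain request with the old Referer is dropped only by the unanchored rule; the constructed log shows one such legitimate request. On the real box, `legit_mentions /var/log/lighttpd/access.log` is the number to look at before choosing the unanchored rule, and `install_host_rule` is the anchored form with the same reservations about per-packet matching.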
1

Based on your response to my comment, I would use iptables or a hardware device to drop the packets. Using iptables will save your web service from having to process the request. Using a different hardware device, such as a firewall, would be a better option since they are much faster at this, and then it never hits your server.

Spechal
  • How are you going to figure out which site is being requested at layer 3? – Michael Hampton Mar 04 '13 at 21:54
  • I was referring to a device that works at the network level that runs applications specific to this purpose. I was too low in the OSI layer, so thank you for correcting me. Firewalls typically work at the layer 3/4 using the OSI model. – Spechal Mar 04 '13 at 22:01
1

The best way would be to do it at the firewall level (such as iptables, with the string module), because you consume fewer resources than doing it in a 'web server' service such as lighttpd, nginx, etc.

However, your original request mentioned HTTPS. This is a bit more tricky, because you are using the same IPs and you can only decrypt the HTTPS header ONCE you give it your side of the certificate (i.e. you won't know which domain it is for before you pass it to a load balancer or a web server [1]).

So I would suggest you simply catch them at the web server level. You could also craft a basic 301 (Moved Permanently) reply and redirect them somewhere else. In time, the search engines won't send you traffic anymore.

[1] Note, there's a way, through the SNI (server name identification) SSL extension, but this is getting a bit more tricky.

CloudWeavers
0

If www.newdomain.com is the default, chances are the web server will use it to answer requests for any domain.

Configure your web server to only respond to www.newdomain.com and ignore everything else.

(I haven't used lighttpd in a while, you'll need to look up the syntax.)

David
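The three web-server-level answers on this page (mgorven's empty document root, CloudWeavers' 301 redirect, David's answering only for www.newdomain.com) written out as one added CentOS shell procedure for lighttpd; this is not code from any of the answers, and it goes a little beyond them by offering the three variants side by side so they can be compared. The domain names come from the question. The empty docroot `/var/www/empty`, the fragment path `/etc/lighttpd/conf.d/olddomain.conf` (your lighttpd.conf has to `include` it), the `service lighttpd reload` step, the regexes and the use of mod_redirect for the 301 variant are assumptions. Plain HTTP only; the `$HTTP["host"]` conditional behaves the same on HTTPS once the handshake is done, but the certificate question from CloudWeavers' answer is not addressed here.

```shell
#!/bin/sh
# Added example, not from any answer on this page.  Writes one lighttpd
# conditional for the retired domain; pick the MODE you want:
#   404          empty document root for www.olddomain.com (mgorven)
#   301          permanent redirect to www.newdomain.com (CloudWeavers)
#   deny-others  only www.newdomain.com reaches the real docroot (David)
# Paths, the conf.d include and the domain names are assumptions.
set -eu

NEW_RE='^(www\.)?newdomain\.com$'   # PCRE, as lighttpd's =~ expects
OLD_RE='^(www\.)?olddomain\.com$'

# write_vhost_conf MODE DOCROOT CONF
#   DOCROOT is created empty: no index file and no directory listing, so no path
#   under it can ever be served (every file is a 404; the bare "/" comes back as
#   403 or 404 depending on the lighttpd version).  CONF is the fragment to include.
write_vhost_conf() {
    mode=$1; docroot=$2; conf=$3
    mkdir -p "$docroot"
    case $mode in
    404)
        cat > "$conf" <<EOF
# Host header names the retired domain: serve from an empty tree.
\$HTTP["host"] =~ "$OLD_RE" {
    server.document-root = "$docroot/"
}
EOF
        ;;
    301)
        cat > "$conf" <<EOF
# Host header names the retired domain: permanent redirect, path preserved.
# mod_redirect must be listed in server.modules for url.redirect to exist.
\$HTTP["host"] =~ "$OLD_RE" {
    url.redirect = ( "^/(.*)" => "http://www.newdomain.com/\$1" )
}
EOF
        ;;
    deny-others)
        cat > "$conf" <<EOF
# Default deny: any Host value other than the new domain (the old domain, the
# bare IP, whatever scanners send) lands in the empty tree.
\$HTTP["host"] !~ "$NEW_RE" {
    server.document-root = "$docroot/"
}
EOF
        ;;
    *)
        echo "usage: write_vhost_conf {404|301|deny-others} DOCROOT CONF" >&2
        return 2
        ;;
    esac
}

# check_and_reload MAIN_CONF: parse the merged config before touching the daemon.
check_and_reload() {
    lighttpd -t -f "$1"
    service lighttpd reload
}

# probe HOSTNAME [PATH]: the Host header is what selects the block, so test it
# directly against the local server.  Prints the HTTP status code.
probe() {
    curl -s -o /dev/null -w '%{http_code}\n' -H "Host: $1" "http://127.0.0.1${2:-/}"
}

case ${1:-} in
install)   # sh olddomain.sh install [404|301|deny-others]
    write_vhost_conf "${2:-404}" /var/www/empty /etc/lighttpd/conf.d/olddomain.conf
    check_and_reload /etc/lighttpd/lighttpd.conf
    probe www.olddomain.com /anything
    probe www.newdomain.com /
    ;;
esac
```

`deny-others` is the default-deny form and the one to prefer when nothing but www.newdomain.com should ever be answered: it also covers requests that arrive with the bare IP or a forged Host header, which the other two modes leave with the default virtual host. Whichever mode you pick, `probe` with the old and the new name is the check that the right block is selected; `lighttpd -t` only proves the file parses.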