Deny requests for other domains in Apache 2

Question

Let's say I have xy.com running on a server powered by Apache. It's the default virtual host.
Now someone has rewritten his hosts file to redirect yz.com to my server's IP. As my server doesn't know a thing about yz.com, it just resolves it to the default virtual host. So in this case yz.com/hello get's resolved to xy.com/hello and it tries to serve my site's /hello page. Is there a way (maybe with a RewriteRule or something) to disable requests requesting yz.com from my server? Give them a 403 for example or anything, just don't let anything through Apache unless it's requesting xy.com.
I'm using the latest Apache version on Ubuntu LTS.

score 5 · Answer 1 · answered May 08 '14 at 13:00

5

Why is xy.com the default if you don't want it to be?

Add a new default virtual host that does nothing but return a 404.

Then add xy.com as a virtual host entry. It'll only get used if requested.

answered May 08 '14 at 13:00

MikeyB

39,291
10
105
189

score 5 · Answer 2 · answered May 08 '14 at 13:36

Why not simply change the default VHost to a deny one?

<VirtualHost *:80>
    ServerName lol.no
    DocumentRoot /var/empty/httpd
    <Location />
        Deny from all
        Allow from none
    </Location>
</VirtualHost>

<VirtualHost *:80>
    ...your VHost goes here...
</VirtualHost>

score 2 · Answer 3 · answered May 08 '14 at 12:42

A RewriteRule would be something like this:

RewriteCond %{HTTP_HOST} !^your\.site\.com$ [NC]
RewriteRule .* - [F]

Other solution would be to add a new default Virtual Host which responds with 403 to any requests.
Only matching requests would then go to your real Virtual Host.

Deny requests for other domains in Apache 2

3 Answers3