10

I have a CentOS server running Apache 2.2.15. If the IP address of the server is 192.0.2.231 and I write in browser http://192.0.2.231/ it goes on my website.

I want to prevent this. I want my website to be accessible only on the FQDN i.e. http://example.com/.

How can I configure my server so the website is not accessible when I visit the IP address?

Nikita Kipriyanov
  • 10,947
  • 2
  • 24
  • 45
antiks
  • 223
  • 3
  • 8
  • 2
    Possible duplicate of [Apache accepting requests to other servers?](http://serverfault.com/questions/662262/apache-accepting-requests-to-other-servers) – Jenny D Dec 14 '15 at 13:16
  • While the question does not quite match the duplicate I've linked to, the answer to that question is also the answer to this one. – Jenny D Dec 14 '15 at 13:17
  • I am curious as to why you would do that. reverse DNS is a thing. – njzk2 Dec 14 '15 at 22:18

4 Answers4

12

You can add a default virtual host that just gives a "denied" error, or whatever. When a browser then comes to your webserver without a host in the URL that matches any ServerName or ServerAlias lines in other virtual hosts will be served by the default virtual host.

So in your apache config:

<VirtualHost *:80>
    ServerName default
    DocumentRoot /var/www/default
    ...
</VirtualHost>

<VirtualHost *:80>
    ServerName example.com
    ...
</VirtualHost>
Nikita Kipriyanov
  • 10,947
  • 2
  • 24
  • 45
wurtel
  • 3,864
  • 12
  • 15
7

You can use Alias * to catch any other trafic than thoose allowed in your virtual host, for this you have to use in the last position a virtual host with * as alias.

Like that only defined domain will be served.

<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/default
...
</VirtualHost>

<VirtualHost *:80>
ServerName another.example.com
DocumentRoot /var/www/another
...
</VirtualHost>

# /!\ THIS HAS TO BE ON THE LAST POSITION /!\
<VirtualHost *:80 *:443>
# [ Server Domain ]
ServerName localhost
ServerAlias *
# [ Cancel trafic ]
RewriteRule .* - [END,R=406]
# [ Custom Log ]
CustomLog ${APACHE_LOG_DIR}/other.log combined
</VirtualHost>

In my example only example.com and another.example.com will be allowed, all other domains or IP will have trafic cancelled.

To cancel the trafic you can use a redirect to - and then add an error code, for example i used a RewriteRule to redirect to 406 Not Acceptable (R=406).

Here you can find the list of redirect codes: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes

Nikita Kipriyanov
  • 10,947
  • 2
  • 24
  • 45
Froggiz
  • 3,043
  • 1
  • 19
  • 30
  • Thanks! I tried your method and it works. But I changed a bit. I created a new virtualhost and I put as ServerName the IP address of the server + RewriteRule :) – antiks Dec 15 '15 at 08:53
0

Not an Apache solution, but if your goal is just to prevent access to your site through the IP, an easy way is to set the allowed hosts in your web framework settings (e.g. ALLOWED_HOSTS in Django or AllowedHosts in .NET) to only include your domain name.

Benitok
  • 101
  • 2
0

You need a rewrite rule like this:

 RewriteEngine On
 RewriteCond %{HTTP_HOST} !^mywebsite.com$
 RewriteRule /.* https://mywebsite.com/ [R]
Jenny D
  • 27,780
  • 21
  • 75
  • 114
Kobus
  • 57
  • 5