0

I have a website and related services running under a Rackspace's Cloud Load Balancer. In my DNS setting I have pointed my domain (say example.com) to the IP of this load balancer and it works fine.

The problem am facing is that someone has pointed their domain (say example.net) to my load balancer. So now am able to access my website through both example.com and example.net

I know we can restrict this kind of things when using Nginx/Apache but not sure how to avoid this when using Rackspace's Cloud Load Balancer.

user
  • 4,335
  • 4
  • 34
  • 71
arunvelsriram
  • 101
  • If I get the [docs](https://developer.rackspace.com/docs/cloud-load-balancers/v1/api-reference/allowed-domains/) right, one has to explicitly allow domain names. Isn't that the case? – gxx Jul 15 '16 at 11:37
  • @gf_ Allowed Domains as described in your link is related to adding nodes by domain (as opposed to adding a node by IP address). – Joe A Jul 20 '16 at 04:29

1 Answers1

1

Your Cloud Load Balancer won't inspect traffic to find a Host header.

You could effectively deny traffic for example.net by forcing SSL if you have a cert for example.com; you'd set the LB to HTTPS only and enable the httpsRedirect option.

I'll expect CloudFlare to be able to deny the example.net traffic.

Otherwise, look to your web server as you mentioned.

Joe A
  • 300
  • 2
  • 9