How disable direct ip access in Apache

Ivan
August 30, 2018
245 views
3 votes
3 Answers

I have a website with CloudFlare protection, seems good at too, but if you enter the original IP adress of my server you can enter normally.

I’m using Apache (XAMPP) and SSL (https://)

I want something similar when you enter from the IP address with CloudFlare, which throws error 1003

Answers

- Nic3500
- August 30, 2018 at 2:04 pm
- 0 votes
0
You can verify if the domain received in the request matches your site domain. If not, force a redirection to the user. Like so:
```
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www.example.com
RewriteRule (.*) https://www.example.com$1 [R=301,L]
```
So IP accesses will be forced back to the domain name.
Obviously, you could return anything, this is just one method I see often.
Login or Signup to reply.

- Luis
- March 1, 2019 at 2:33 pm
- 0 votes
0
Edit or create a default vhost and put this inside:
```
<VirtualHost *:80>
    ServerName xxx.xxx.xxx.xxx
    Redirect 403 /
    DocumentRoot /var/www/html
</VirtualHost>
```
xxx.xxx.xxx.xxx is your server ip address

After that restart your apache
```
sudo a2ensite your-vhost.conf
sudo systemctl restart apache2
```
Hope that helps
Login or Signup to reply.

Under the ubuntu 20.04

Server version: Apache/2.4.41 (Ubuntu)

i just copied my 000-default-ssl.conf as disable-ip.ssl.conf and put below the content

cd /etc/apache2/sites-available
cp 000-default-ssl.conf disable-ip.ssl.conf

content of disable-ip.ssl.conf vhost file

<IfModule mod_ssl.c>
        <VirtualHost *:443>
                ServerAdmin root@localhost
                ServerName localhost
                ServerAlias XXX.XXX.XX.XX  # here write ip adresss of your web site
                UseCanonicalName Off
                Redirect 403 /
                ErrorDocument 403 "Sorry, direct IP access not allowed."

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                SSLEngine on

                <FilesMatch ".(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                SSLCertificateFile    /etc/letsencrypt/live/domain.com/fullchain.pem
                SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
                Include /etc/letsencrypt/options-ssl-apache.conf
        </VirtualHost>
</IfModule>

then

a2ensite disable-ip.ssl.conf
service apache2 restart

Please signup or login to give your own answer.

Click here to cancel reply.