
I have domain abc.com and I noticed another domain not owned by me pointing to the same IP address as mine. It is ghosting mine, so when you visit that website it looks exactly as if you were on mine.

Any ideas of how to prevent that?

My vhost looks like:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName www.example.com
        DocumentRoot /path/to/site

        <Directory /path/to/site/>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>


        RewriteEngine On
        RewriteCond %{HTTP_HOST} ^example.com$ [NC]
        RewriteRule (.*) http://www.example.com/$1 [R=301,L]

        RewriteCond %{HTTP_REFERER} .
        RewriteCond %{HTTP_REFERER} !example.com [NC]
        RewriteCond %{HTTP_HOST} !example.com [NC]
        RewriteRule .? - [F]

        ServerName example.com
        ServerAlias www.example.com
</VirtualHost>
</IfModule>

2 Answers


  1. Apache uses the Host field from the HTTP request headers to know which vhost is requested (Host corresponds to Apache's ServerName or ServerAlias).

    Try apache2ctl -S; it will give you output containing something like:

    VirtualHost configuration:
    *:80                   is a NameVirtualHost
             default server ip (/etc/apache2/sites-enabled/000-default.conf:1)
             port 80 namevhost ip (/etc/apache2/sites-enabled/000-default.conf:1)
             port 80 namevhost www.example1.com (/etc/apache2/sites-enabled/001-vhost.conf:1)
             port 80 namevhost www.example2.com (/etc/apache2/sites-enabled/002-vhost.conf:1)
    *:443                  is a NameVirtualHost
             default server 127.0.1.1 (/etc/apache2/sites-enabled/default-ssl.conf:2)
             port 443 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/default-ssl.conf:2)
             port 443 namevhost www.example1.com (/etc/apache2/sites-enabled/non-default-ssl.conf:2)
    

    Now imagine my IP is 1.1.1.1:

    Given those three curl commands:

    1. curl http://1.1.1.1 -H 'Host: www.example1.com'
    2. curl http://1.1.1.1 -H 'Host: www.example2.com'
    3. curl http://1.1.1.1 -H 'Host: www.spoofexample.com'
    

    First one: Apache finds the corresponding ServerName in a vhost file and uses /etc/apache2/sites-enabled/001-vhost.conf to satisfy the request.

    Second one: Apache finds the corresponding ServerName in a vhost file and uses /etc/apache2/sites-enabled/002-vhost.conf to satisfy the request.

    Third one (your undesired mapped DNS): Apache doesn’t find the corresponding ServerName in any of its vhost files, and uses /etc/apache2/sites-enabled/000-default.conf to satisfy the request.

    The same logic applies to SSL vhosts.

    PS1: ServerName for the default HTTP vhost has a value of ip, and there is no ServerName in the default SSL vhost. Apache just assumes 127.0.1.1, which is not the IP address it listens on (I mention this just so it’s not more confusing).

    PS2: To make a vhost the default one, it must be the first when the file names are sorted (000 -> 001 -> 002).

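The first answer's mechanism implies the fix: make the default vhost on each port something other than the real site, so unknown Host values never reach it. The following is an added example, not part of the original answer; the file name `000-catchall.conf`, the `catchall.invalid` ServerName and the Debian `ssl-cert` snakeoil certificate paths are assumptions.

```apache
# /etc/apache2/sites-enabled/000-catchall.conf
# Hypothetical file name: it only has to sort before every other vhost file,
# so Apache treats these blocks as the default server for *:80 and *:443.

<VirtualHost *:80>
    # Placeholder name (assumption); must not match any real site.
    ServerName catchall.invalid
    # Requests whose Host matches no other vhost end up here and get 403.
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName catchall.invalid
    SSLEngine on
    # Assumption: self-signed certificate from Debian's ssl-cert package.
    # Any certificate works; it only has to let the handshake complete.
    SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>
</IfModule>
```

After reloading, `apache2ctl -S` should list this file as the default server for both ports, and the real site's vhost keeps its own ServerName and ServerAlias.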
  2. It is not possible for somebody to ghost your account.
    Suppose I am the domain owner of abc.com at HostGator. In order to host it on godaddy.com, I have to go to the domain controller and put the GoDaddy nameservers there. Then on the hosting I create a website with the same name.
    You should also not host a real domain with an IP address. Always use name servers, which will prevent all those configurations.
    Please check this page for redirects:
    https://www.namecheap.com/support/knowledgebase/article.aspx/385/2237/how-to-redirect-a-url-for-a-domain
    Are you hosting a domain from your local computer?
