I would like Apache 2.4.x to ignore (i.e., not respond to) any request that does not match a specific domain name. My configuration is the following:
<VirtualHost *:443>
    ServerName foobar.com
    RedirectMatch /(.*) https://www.foobar.com/$1
    ...
</VirtualHost>
<VirtualHost *:443>
    ServerName www.foobar.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ...
</VirtualHost>
Are the ServerName fields sufficient to instruct Apache to not respond to requests not matching any of my ServerName values in my VirtualHosts?
The way I would like Apache to behave is to look at the Host request header, compare it to the ServerName fields above, and ignore requests whose Host header value does not match anything.
My site is https-only and port 80 is not open.
2 Answers
There will always be some answer, as a connection has to be established in order to see the host header.
As you’re https only, odds are that certificate negotiation will fail for unknown or unconfigured domains.
In general, you should configure a virtual host for all known domains and fall back to the default virtual host for any requests that don’t match.
Clients will see a certificate error; there’s nothing you can do about that. But you’re in control of the message that is shown to all clients that either don’t get a certificate error or choose to connect nevertheless. You do that by explicitly configuring the default virtual host accordingly.
Use a ‘require’ directive.
That will return HTTP status 403 (Forbidden) if the host doesn’t match.
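One way to combine what the two answers describe, an explicitly configured default virtual host and a Require check on the Host header, is sketched below. This is an added example, not configuration from the original posts; the catch-all ServerName and the certificate paths are placeholders.

```apache
# Added example. catchall.invalid and the certificate paths are placeholders.

# Default virtual host: Apache uses the first VirtualHost defined for an
# address:port when the requested name matches no ServerName/ServerAlias,
# so this block must come before the real sites.
<VirtualHost *:443>
    ServerName catchall.invalid
    SSLEngine on
    # The TLS handshake still needs some certificate; clients asking for an
    # unknown name will see a certificate error for it.
    SSLCertificateFile    /path/to/placeholder-cert.pem
    SSLCertificateKeyFile /path/to/placeholder-key.pem
    # Anyone who connects anyway gets 403 Forbidden for every URL.
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName foobar.com
    RedirectMatch /(.*) https://www.foobar.com/$1
    # ... remaining directives from the question ...
</VirtualHost>

<VirtualHost *:443>
    ServerName www.foobar.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    # Require check from the second answer: 403 unless the Host header is
    # exactly this name. A Host header carrying an explicit port
    # (www.foobar.com:443) does not match this string comparison.
    <Location "/">
        Require expr "%{HTTP_HOST} == 'www.foobar.com'"
    </Location>
    # ... remaining directives from the question ...
</VirtualHost>
```

After reloading, `apachectl -S` lists which virtual host is the default for port 443, which confirms the ordering took effect.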