
I would like Apache 2.4.x to ignore (i.e., not respond to) any request that does not match a specific domain name. My configuration is the following:

<VirtualHost *:443>
 ServerName foobar.com
 RedirectMatch /(.*) https://www.foobar.com/$1
 ...
</VirtualHost>

<VirtualHost *:443>
 ServerName www.foobar.com

 ServerAdmin webmaster@localhost
 DocumentRoot /var/www/html
 ...
</VirtualHost>

Are the ServerName fields sufficient to instruct Apache to not respond to requests not matching any of my ServerName values in my VirtualHosts?

The way I would like Apache to behave is to look at the Host request header, compare it to the ServerName fields above, and ignore requests whose Host header value does not match anything.

My site is https-only and port 80 is not open.

2 Answers


  1. There will always be some answer, as a connection has to be established in order to see the host header.

    As you’re https only, odds are that certificate negotiation will fail for unknown or unconfigured domains.

    In general, you should configure a virtual host for all known domains and fall back to the default virtual host for any requests that don’t match.

    Clients will see a certificate error; there’s nothing you can do about that. But you’re in control of the message that is shown to all clients that either don’t get a certificate error or choose to connect nevertheless. You do that by explicitly configuring the default virtual host accordingly.

  2. Use a ‘require’ directive.

    Require expr "%{HTTP_HOST} -strcmatch 'foobar.com'"

    That will return HTTP status 403 (Forbidden) if the host doesn’t match.

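Added example, not part of either answer or of the asker's configuration: the explicit default virtual host that answer 1 recommends, placed ahead of the two site vhosts from the question so that unmatched Host values no longer fall through to the foobar.com redirect. The name `catchall.invalid` and the certificate paths are assumptions, and the site vhosts' remaining directives stay elided as in the question.

```apache
# Catch-all vhost. It must be the FIRST <VirtualHost *:443> that Apache loads:
# when no ServerName or ServerAlias matches the request's Host header (or the
# TLS SNI name), Apache falls back to the first vhost listed for that
# address:port. Without this block, that fallback would be the foobar.com
# vhost below, and any unknown Host would be redirected to the real site.
<VirtualHost *:443>
    # Placeholder name (assumption); it only has to differ from every real site name.
    ServerName catchall.invalid

    SSLEngine on
    # Assumed paths to a throwaway self-signed certificate. The TLS handshake
    # happens before the Host header is visible, so this vhost needs its own
    # certificate; clients that reach it see a name-mismatch warning.
    SSLCertificateFile    /etc/ssl/certs/catchall-selfsigned.pem
    SSLCertificateKeyFile /etc/ssl/private/catchall-selfsigned.key

    # Every request that lands here is refused with 403 Forbidden.
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Site vhosts from the question, unchanged apart from their position.
<VirtualHost *:443>
    ServerName foobar.com
    RedirectMatch /(.*) https://www.foobar.com/$1
    # (remaining directives as in the question)
</VirtualHost>

<VirtualHost *:443>
    ServerName www.foobar.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    # (remaining directives as in the question)
</VirtualHost>
```

Running `apachectl -S` after a reload lists the vhosts per address:port and marks which one is the default server, which confirms the catch-all is picked up first.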