how to make my apache website accept only host header with a specific entry

yaseen
September 27, 2021
315 views
0 votes
2 Answers

my website is under attack and I see that the attacker is bypassing the cloudflare security by entering the website with the IP and not with domain name, I am wandering if I can protect my website by making my apache-based website block all the requests that doesn’t have the name of my website in the host header of the attackers requests

Answers

Chosen as BEST ANSWER
- yaseen
- September 27, 2021 at 8:32 pm
- 0 votes
0
i don't know if this will protect my website "and" i forgot to mention that i am using xampp windows

anyway from the xampp rules file i just entered
```
<If "%{HTTP_HOST} == 'website'">
</If>
<Else>
  RewriteRule ^.*$ http://website/$1 [L]
</Else>
```
and it worked

that's it that's the answer for the question i asked

(Edit)

- Sammitch
- September 27, 2021 at 7:26 pm
- 0 votes
0
Even if you did do this all the attacker has to do is add the header to their requests and you’re still having the same problem. You need to block access from non-cloudflare IP ranges at the firewall.

https://www.cloudflare.com/ips/

Make sure that you put in an allow your for yourself for testing.

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.