Reputation: 72
Q: Disable access to default vhost and through server IP on Apache 2.4.10
I'm trying to get Apache 2.4.10 on Debian 8 "Jessie" up and running with multiple websites hosted on it. This might be an obvious and already answered question but I've never had the need to set-up a dedicated web host (usually just drop a WAMP server for development needs or pick up a web hosting service) and so far I have not had any luck finding an answer to my problem (I've found the complete opposite answers of what I'm trying to achieve). I need to get this working because apart from just hosting a couple of websites, there will be additional software set-up, for which, a regular web hosting service won't do.
Everything seems to be working as intended but the only problem is that I can't seem to find an optimal configuration which wouldn't just block access to default vhost with 403 - Forbidden. What I need is Apache to ignore requests (not just return a 404 document but tell the browser there's nothing there) from anyone accessing the default vhost or by accessing the server directly through it's designated IP. The designated IP should be left for SSH access only (since I don't have any kind of physical access to this server).
Basically, the web server should be accessible from a web browser through "FQDN-1" and "FQDN-2" (each located in their individual directories) and access to any other web address on this server should be ignored (invoking browser "404 not found" instead of returning a server error document, which would indicate that something is there).
my current vhost files:
<VirtualHost *:80>
ServerName FQDN-1
ServerAlias www.FQDN-1
ServerAdmin mail@FQDN-1
DocumentRoot /var/www/FQDN-1/public_html
ErrorLog /var/www/FQDN-1/logs/error.log
CustomLog /var/www/FQDN-1/logs/access.log combined
</VirtualHost>
And
<VirtualHost *:80>
ServerName FQDN-2
ServerAlias www.FQDN-2
ServerAdmin mail@FQDN-2
DocumentRoot /var/www/FQDN-2/public_html
ErrorLog /var/www/FQDN-2/logs/error.log
CustomLog /var/www/FQDN-2/logs/access.log combined
</VirtualHost>
The default vhost has been disabled through "a2dissite 000-default"
Iptables block everything except tcp port 80 and 22 (SSH access is whitelisted in iptables to just few specific iPs).
Upvotes: 0
Views: 2076
Answers (1)
Reputation: 17886
You can let the built-in name-based vhosting do the work for you. You can simply setup an additional (non default / non-first listed for *:80) virtualhost with
ServerName your-ip
and put a simple rule like
RewriteEngine ON
RewriteRule ^ .* [F]
or
Redirect 403 /
Upvotes: 3
Related Questions
- How to allow access only from a specific host on Apache Httpd 2.4?
- How to disable all apache virtual hosts?
- apache 2.4 - deny direct ip access and show custom error page
- Cannot allow only particular IP Address access my website with apache 2.4
- restrict access to virtualhost
- Prevent access to files through ip address - apache 2.4
- Block access from IP address in Apache2
- How to deny access to the host by domain name?
- How to restrict apache virtual hosts?
- Deny access from not default host