Wednesday, June 26, 2019

Prevent using wildcard in Apache server alias setting




This is a modified VirtualHost setting from my server.





  ServerName example.com
  DocumentRoot /mnt/example/public


  
    AllowOverride all

    Options -MultiViews




I found that I can access the example.com and also *.example.com, e.g. www.example.com, abcde.example.com, etc.



I know there should be a ServerAlias setting which let me activate wildcard subdomain suppot. But I can't see the ServerAlias setting my VirtualHost or Apache config file.




I want to allow only www.example.com and example.com can access my site, and other subdomain will get a 404 error.



How can I set this up?



Thanks all. :)


Answer



I think what you're missing before all your vhost containers in the conf file is:



NameVirtualHost *:80



Once you've done that, depending on what you want to do for all those wildcards you deem "invalid" you can create the required containers, and then followup with a final one with a wildcard that acts a catchall for the rest.



See http://httpd.apache.org/docs/2.2/vhosts/name-based.html



For instance, what I've done is have a vhost container for myhost.mydomain.tld, and then whatever other domains, and finally, I have a container for *.mydomain.tld that basically points to a static page notifying people to mind their own business.


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...