  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 309

Step-by-step to block all, except one domain, and that one domain in a virtual host

My knowledge is a bit rusty and my previous configuration got lost during a mistake in a migration process. A few questions to appear in a series to get it back again. Nr 4:

So, it wasn't that hard to get Apache running, but I had some pretty complex virtual hosts configuration. It will take a while to get them all back, but let's just try to get some things right first.

My current configuration listens to all IP addresses (good), and serves all hostnames (not good). I would like it to block all, set an error page for "access denied" and to allow only one hostname. It should allow http://www.undermyhat.org and http://undermyhat.com (only some silly ramblings as a test site), but not, say, http://www.metacarpus.com (to be defined as another site later).

As you can see now, all point to the same address and I know it is simple, but I couldn't seem to get my hands around it. The relevant config part is as follows (currently, the root documentroot also points to the same location):

<VirtualHost *:80>
    ServerAdmin webmaster@undermyhat.com
    DocumentRoot "D:/some/local/path"
    ServerName undermyhat.org
    ServerAlias www.undermyhat.org
    ErrorLog "logs/undermyhat.com-error.log"
    CustomLog "logs/undermyhat.com-access.log" common
 
    <Directory "D:/Internet/Sites/metacarpus.com">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>


0
abel
Asked:
1 Solution
 
giltjr Commented:
I would suggest that you code another virtual host, list it as the first virtual host and name it _default_:

<VirtualHost _default_:*>
</VirtualHost>

Have it go to whatever document root you want.
0
 
giltjr Commented:
Wait, what level of Apache are you running? That works for 1.3, but after checking the 2.0 and 2.2 doc it seems that may have been removed. For 2.x you just define another virtual host that is:

<VirtualHost *:*>
</VirtualHost>

or

<VirtualHost *:80>
</VirtualHost>

and have it the 1st virtual host. Then this will become the default virtual host for any unmatched names.
0
 
abel (Author) Commented:
I am running Apache 2.2, apologies, normally I put that in the Q.

>  Then this will become the default virtual host for any unmatched names.

OK, sounds good, so then I can ignore any settings that are in the rest of the file, about documentroot and everything, not being inside a <virtualhost> directive?

What about the syntax above, how do I make it match to the two domains I mentioned? And how do I make your suggestion work such that it gives an access denied?
0

 
giltjr Commented:
When you do virtual hosts, the settings within the VirtualHost definition override all of the other settings.

The virtualhost definitions you have will work for the two host names you have:

ServerName undermyhat.org
ServerAlias www.undermyhat.org

I don't know if it makes that much of a big difference, but my personal preference would be to swap them like:

     ServerName www.undermyhat.org
     ServerAlias undermyhat.org

Only because I would assume most people would be entering www.undermyhat.org more and the ServerName is checked first.

I personally would create a default for the "denied" host that says "Nothing here to see."
0
 
abel (Author) Commented:
> and have it the 1st virtual host.  Then this will become the default virtual host for any unmatched names.
It only worked when it was the last in the list... all specific matches had to go before that. And, more importantly, apparently it also needs a

ServerAlias *
and no ServerName to work correctly as a "catch all".

What I was missing was the following line, which appears to be vital to get virtual hosts working in the first place:

NameVirtualHost *:80
Not sure if I am mixing things up, but using this configuration it did work in the end. I took over your tip about using the ServerName for the most-used servername, and the alias for any aliases.
0
 
giltjr Commented:
Um, interesting, I have been putting my default host 1st for a few years now and it has always worked and I have never had to code ServerAlias *, as that is the implied default.

Yes, you do need NameVirtualHost coded to get virtual hosting to work, I did not mention that as I did make the assumption you already had that.

Here is the basic doc for named virtual hosting in Apache. You can search for "default" and the first hit will bring you to a small doc section titled "Main host goes away." There it will tell you the same thing I did, code your default host first.
0
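The two layouts discussed in this thread (an unnamed default host listed first, and a `ServerAlias *` host listed last) can be compared with a small model of name-based virtual host selection: the first block whose ServerName or ServerAlias matches the Host header wins, and if none matches, the first block is used. This is an added example, not code from the posters or from Apache; it assumes every block is on `*:80`, ignores the fallback ServerName Apache assigns to a block that has none, and `D:/sites/denied` is a made-up path.

```python
import fnmatch

def parse_vhosts(conf):
    """Return the <VirtualHost> blocks of an httpd.conf text, in file order."""
    vhosts, cur = [], None
    for line in (raw.strip() for raw in conf.splitlines()):
        low = line.lower()
        if low.startswith("<virtualhost"):
            cur = {"name": None, "aliases": [], "root": None}
        elif low.startswith("</virtualhost"):
            vhosts.append(cur)
            cur = None
        elif cur is not None and line and not line.startswith("#"):
            key, *args = low.split()
            if key == "servername" and args:
                cur["name"] = args[0]
            elif key == "serveralias":
                cur["aliases"] += args
            elif key == "documentroot" and args:
                cur["root"] = line.split(None, 1)[1].strip('"')
    return vhosts

def select_vhost(vhosts, host_header):
    """First block whose ServerName or ServerAlias matches, else the first block."""
    host = host_header.split(":")[0].lower()  # drop an optional :port
    for vh in vhosts:
        if host == vh["name"] or any(fnmatch.fnmatchcase(host, a) for a in vh["aliases"]):
            return vh
    return vhosts[0]

def served_root(conf, host_header):
    return select_vhost(parse_vhosts(conf), host_header)["root"]

# Constructed configs; D:/sites/denied is a made-up path for the "denied" host.
SITE = """<VirtualHost *:80>
    DocumentRoot "D:/some/local/path"
    ServerName www.undermyhat.org
    ServerAlias undermyhat.org
</VirtualHost>
"""
DENY = """<VirtualHost *:80>
    DocumentRoot "D:/sites/denied"
</VirtualHost>
"""
DENY_STAR = DENY.replace("</", "    ServerAlias *\n</")

if __name__ == "__main__":
    for conf in (DENY + SITE, SITE + DENY_STAR, DENY_STAR + SITE, SITE):
        print([served_root(conf, h) for h in ("www.undermyhat.org", "www.metacarpus.com")])
```

The four layouts printed are: default first, `ServerAlias *` last, `ServerAlias *` first, and the site block alone. In this model the first two give the same result, the third sends every hostname to the denied host, and the fourth serves the site for every hostname.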
 
abel (Author) Commented:
OK, I'll experiment a bit. If they say it should be done like that and I don't, then I should change it such that it becomes the de facto standard... ;)

In fact, I think I would like to have a list of "not-yet-implemented-but-available-hosts", "implemented-hosts" (most specific) and "everything-else-resolved-to-my-ip", which should return a Bad Hostname response.
0
 
abel (Author) Commented:
Experimentation time was disrupted by a lot of issues, which now seem resolved. My configuration is sound now and I have the different virtual hosts set up correctly (well, at least to the extent that I wanted it).

Thanks for the help. Understanding that "virtual hosts override all other settings" was vital for understanding this. As was "NameVirtualHost *:80".
0
 
abel (Author) Commented:
Thanks!
0
