Restrict direct IP access to website

I want to restrict direct IP access to my website. I found several solutions involving .htaccess but none work. I've also found one solution via apache virtual hosts config which was working fine up until I installed a SSL certificate through CPanel. I have absolutely no idea what was altered in the httpd.conf file but now the redirect setting does not work even if I uninstall the SSL certificate.

Here's my current virtual hosts setup:

NameVirtualHost 192.168.1.1:80 NameVirtualHost *

<VirtualHost 192.168.1.1:80>
    ServerName mysite.com
    ServerAlias www.mysite.com
    DocumentRoot /home/rotate/public_html
    ServerAdmin [email protected]
    UseCanonicalName Off

    ## User rotate # Needed for Cpanel::ApacheConf
    UserDir disabled
    UserDir enabled rotate
    ScriptAlias /cgi-bin/ /home/rotate/public_html/cgi-bin/
</VirtualHost>

<VirtualHost 192.168.1.1:80>
    ServerName 192.168.1.1
    Redirect 403 /
    ErrorDocument 403 "Sorry, direct IP access not allowed."
    DocumentRoot /usr/local/apache/htdocs
    ServerAdmin [email protected]
    UseCanonicalName Off
    UserDir disabled
</VirtualHost>

<VirtualHost *>
    ServerName server.mysite.com
    DocumentRoot /usr/local/apache/htdocs
    ServerAdmin [email protected]
    UserDir disabled
</VirtualHost>

NameVirtualHost 192.168.1.1:443
<VirtualHost 192.168.1.1:443>
    ServerName mysite.com
    ServerAlias www.mysite.com
    DocumentRoot /home/rotate/public_html
    ServerAdmin [email protected]
    UseCanonicalName Off

    UserDir disabled
    UserDir enabled rotate

    ScriptAlias /cgi-bin/ /home/rotate/public_html/cgi-bin/
    SSLEngine on
    #SSL stuff here
</VirtualHost>

IP and names were substituted with generic ones. The "Redirect 403 /" part is not working since installing the SSL certificate. I'd be grateful if someone can shed some light on what am I doing wrong here. Thanks.

Solution 1:

And voila, the fix:

<VirtualHost mysite.com:80>
    ServerName mysite.com
    ServerAlias www.mysite.com
    DocumentRoot /home/rotate/public_html
    ServerAdmin [email protected]
    UseCanonicalName Off
</VirtualHost>

NameVirtualHost mysite.com:80
<VirtualHost 192.168.1.1:80>
    ServerName 192.168.1.1
    Redirect 403 /
    ErrorDocument 403 "Sorry, direct IP access not allowed."
    DocumentRoot /usr/local/apache/htdocs
    ServerAdmin [email protected]
    UseCanonicalName Off
    UserDir disabled
</VirtualHost>

<VirtualHost *>
    ServerName server.mysite.com
    DocumentRoot /usr/local/apache/htdocs
    ServerAdmin [email protected]
    UserDir disabled
</VirtualHost>

NameVirtualHost mysite.com:443
<VirtualHost mysite.com:443>
    ServerName mysite.com
    ServerAlias www.mysite.com
    DocumentRoot /home/rotate/public_html
    ServerAdmin [email protected]
    UseCanonicalName Off
</VirtualHost>

The solution was to simply replace the IP with the domain name for all virtualhost settings, except for the one which needs to redirect/restrict direct IP access.

Solution 2:

The answer could be much much simpler.

Just copy this into bottom of httpd.conf (usually located at /etc/httpd/conf)

<VirtualHost *:80>
ServerName localhost
Redirect 403 /
UseCanonicalName Off
UserDir disabled
</VirtualHost>

<VirtualHost *:80>
ServerName www.example.com
DocumentRoot /var/www/html
</VirtualHost>

Then only when visitors access by www.example.com, he can gain access to the server.