Make Apache server only accept requests to domain rather than IP

I have a CentOS server running Apache 2.2.15. If the IP address of the server is 192.0.2.231 and I write in browser http://192.0.2.231/ it goes on my website.

I want to prevent this. I want my website to be accessible only on the FQDN i.e. http://example.com/.

How can I configure my server so the website is not accessible when I visit the IP address?

You can use Alias * to catch any other trafic than thoose allowed in your virtual host, for this you have to use in the last position a virtual host with * as alias.

Like that only defined domain will be served.

<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/default
...
</VirtualHost>

<VirtualHost *:80>
ServerName another.example.com
DocumentRoot /var/www/another
...
</VirtualHost>

# /!\ THIS HAS TO BE ON THE LAST POSITION /!\
<VirtualHost *:80 *:443>
# [ Server Domain ]
ServerName localhost
ServerAlias *
# [ Cancel trafic ]
RewriteRule .* - [END,R=406]
# [ Custom Log ]
CustomLog ${APACHE_LOG_DIR}/other.log combined
</VirtualHost>

In my example only example.com and another.example.com will be allowed, all other domains or IP will have trafic cancelled.

To cancel the trafic you can use a redirect to - and then add an error code, for example i used a RewriteRule to redirect to 406 Not Acceptable (R=406).

Here you can find the list of redirect codes: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes

You can add a default virtual host that just gives a "denied" error, or whatever. When a browser then comes to your webserver without a host in the URL that matches any ServerName or ServerAlias lines in other virtual hosts will be served by the default virtual host.

So in your apache config:

<VirtualHost *:80>
    ServerName default
    DocumentRoot /var/www/default
    ...
</VirtualHost>

<VirtualHost *:80>
    ServerName example.com
    ...
</VirtualHost>

Make Apache server only accept requests to domain rather than IP

Related

Recent Posts