I recently wanted to point all subdomains for a test domain, let's say example.com, to the localhost. Is there a way to point all requests on *.example.com to resolve to 127.0.0.1?
5 Answers
It happens that `/etc/hosts` file doesn't support wild card entries.

You'll have to use other services like dnsmasq. To enable it in dnsmasq, just edit `dnsmasq.conf` and add the following line:

```
address=/example.com/127.0.0.1
```
- For Ubuntu `dnsmasq` setup see [this one](http://askubuntu.com/questions/150135/how-to-block-specific-domains-in-hosts-file/150180#150180). – lemonsqueeze May 13 '15 at 21:13
- For Mac OS X setup http://passingcuriosity.com/2013/dnsmasq-dev-osx/ is pretty helpful. – aamir Jun 08 '15 at 15:02
- rahilwazir, actually, it is if you don't want all subdomains. # also works as a wild card. I'm personally using `address=/dev#.example.com/127.0.0.1` to make dev123.example.com etc. work. – Ray Foss Oct 28 '15 at 13:29
- For some reason dnsmasq does not work at all. Is there a way to make sure I configured everything correctly? – Romulus Urakagi Ts'ai Nov 30 '16 at 07:45
- I don't know this tool and it does many things other than just hosts file replacement. Can you please expand your answer, saying how to enable dnsmasq or how to make changes take effect? I did just what you mentioned and got nothing, thank you. – santiago arizti Jun 07 '17 at 22:36
- This works just fine with dnsmasq. Just remember, you have to restart it after changing the config. E.g. `sudo systemctl restart dnsmasq`. – Forivin Sep 14 '17 at 12:12
- Is there a way to do this _without_ having to create the same file with different names each time? – leetbacoon Oct 03 '19 at 20:05
Use dnsmasq.

Assuming that you're using a Debian-based distro (Ubuntu, Mint, ...), check if it's installed with

```
sudo systemctl status dnsmasq
```

If it is just disabled, start it with

```
sudo systemctl start dnsmasq
```

If you have to install it, write

```
sudo apt-get install dnsmasq
```

To define domains to resolve, edit `/etc/dnsmasq.conf` like this:

```
address=/example.com/127.0.0.1
```

to resolve *.example.com.

You must reload dnsmasq for the changes to take effect!

```
systemctl reload dnsmasq
```
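Added example, not part of either dnsmasq answer: a shell check that predicts which `address=` rule answers a given name, so the rule's reach (the apex and every subdomain, but not look-alike names) can be confirmed before and after a restart. The function names and the `api.example.com` rule are constructed for illustration, and the script assumes the most specific domain wins when two rules cover a name.

```shell
#!/bin/sh
# Added example: predict what a dnsmasq address= rule set answers for a name.

# Constructed sample config (the api.example.com rule is illustrative only).
sample_conf() {
    cat <<'EOF'
# /etc/dnsmasq.d/dev.conf
address=/example.com/127.0.0.1
address=/api.example.com/127.0.0.2
EOF
}

# expected_answer NAME (config on stdin) -> IP of the covering rule, or nothing.
# A rule covers its domain and every name below it, matched on label
# boundaries. Assumption: the longest (most specific) domain wins.
expected_answer() {
    awk -F/ -v name="$1" '
        BEGIN { best = 0; n = tolower(name); sub(/\.$/, "", n) }
        /^address=\// && NF >= 3 {
            for (i = 2; i < NF; i++) {
                dom = tolower($i)
                if (dom == "") continue
                tail = "." dom
                hit = (n == dom) || (length(n) > length(tail) &&
                      substr(n, length(n) - length(tail) + 1) == tail)
                if (hit && length(dom) > best) { best = length(dom); ip = $NF }
            }
        }
        END { if (best) print ip }'
}

# live_check NAME: syntax-check the installed config, then query the local
# dnsmasq directly instead of going through /etc/resolv.conf.
live_check() {
    dnsmasq --test && dig +short @127.0.0.1 "$1" A
}

for h in example.com dev123.example.com v1.api.example.com notexample.com; do
    printf '%-20s -> %s\n' "$h" "$(sample_conf | expected_answer "$h")"
done
```

If `live_check dev123.example.com` disagrees with `expected_answer`, first confirm that dnsmasq actually started: on Ubuntu releases running systemd-resolved, that service already listens on 127.0.0.53 port 53.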
Here is the configuration for those trying to accomplish the original goal (wildcards all pointing to same codebase -- install nothing, dev environment, i.e. XAMPP).

hosts file (add an entry)

file: /etc/hosts (non-windows)

```
127.0.0.1 example.local
```

httpd.conf configuration (enable vhosts)

file: /XAMPP/etc/httpd.conf

```
# Virtual hosts
Include etc/extra/httpd-vhosts.conf
```

httpd-vhosts.conf configuration

file: XAMPP/etc/extra/httpd-vhosts.conf

```
<VirtualHost *:80>
    ServerAdmin admin@example.local
    DocumentRoot "/path_to_XAMPP/htdocs"
    ServerName example.local
    ServerAlias *.example.local
    # SetEnv APP_ENVIRONMENT development
    # ErrorLog "logs/example.local-error_log"
    # CustomLog "logs/example.local-access_log" common
</VirtualHost>
```

restart apache

create pac file:

save as whatever.pac wherever you want to and then load the file in the browser's network>proxy>auto_configuration settings (reload if you alter this)

```
function FindProxyForURL(url, host) {
    if (shExpMatch(host, "*example.local")) {
        return "PROXY example.local";
    }
    return "DIRECT";
}
```

- Does not work for hosts file on Windows. It will only accept www.example.com – Andre Figueiredo Apr 22 '15 at 19:13
- This does work on Windows using the pac file in Firefox. I have tested this on multiple Windows machines. The hosts file only requires the one entry, the pac file handles the subdomains. – Daniel Jordi Apr 23 '15 at 20:02
- The original question as I understand it is not about apache at all but on the networking level so I think your response misses the point :/ – enTropy Feb 20 '17 at 14:26
- For using the pac file in Internet Explorer see: https://campus.barracuda.com/product/websecurityservice/article/WSS/ConfigProxyWithPACFile/ – Aug 16 '17 at 06:21
- Please note that when using a pac file to proxy requests to a host (e.g. localhost), a web server like Apache would use the full URL (including protocol and hostname) in REQUEST_URI variable instead of only the path component. – JSchirrmacher Oct 15 '17 at 14:33
- Port is missing. I would provide :80 to be sure. Or else, don't know, maybe browser would pick 3128 – OCTAGRAM Dec 18 '20 at 22:29
It was a simple question, guys. The answer seems to be "no."
The reason I'm looking for information about this topic is that Google just added lots of new top level domains that seem to be designed for abuse, like .zip and .mov. They only went live five days ago and malicious actors have already set up pages using those domains to steal credentials, install malware, and worse. Leaving aside questions about Google's motivation, it would be very helpful to have a fast and simple way, that doesn't involve either going to some dubious web page to install someone's shiny new security app, which we rilly rilly swear doesn't have any hidden spy features, or spending a decade learning regex fu, to blacklist everything on all of them. For that matter, .biz has existed for twenty-two years and I have yet to see the first legitimate thing that uses it. I'd also like to bitbucket all traffic in either direction for .ads, .adult, .ru, .cn, .kr, .xyz, .za, and .zn. Anything and everything, for that matter, that doesn't use one of the original seven .tlds:
.com .edu .gov .int .mil .net .org
has been 100% sketchy AF since day one and it would be ideal for me, in my own personal use case, on my own computers, to point all of it to 0.0.0.0.

- Hi and welcome here. You are right, spoofing is Evil, but I don't know any way to avoid it. Each time a nTLD appears :( – Philippe May 18 '23 at 10:20
Using a wildcard in the hosts file is not possible, or requires a complex method.

Go here to get the IP addresses you want to block: https://dnsdumpster.com/

Enter the domain (example.com), then scroll down. Click on "download xlsx of host". All IPs of the domain and its subdomains are listed there.

Copy the IP addresses from the Excel column to a text file named ip_address.txt.

First, you need to enable the firewall:

```
sudo ufw enable
```

Second, use this command:

```
while read -r ip_address; do sudo ufw deny out to "$ip_address"; done < ip_address.txt
```

Note that you need to use "out to" to block outbound connections from your PC to the IP. If you use "from", it only blocks inbound connections from the IP to your PC, and the user can still get access to the IP.

Third, test if ufw works by using:

```
sudo ufw status numbered
```

When you want to remove a rule:

```
sudo ufw delete <rule-number>
```

- point all requests on *.example.com to resolve to 127.0.0.1 = blocking all subdomain of example.com !!! – satosoft.com May 14 '23 at 13:35
- The question doesn’t mention blocking, that’s your inference. Consider a site like tumblr.com. Each user gets their own subdomain (example.tumblr.com). When doing development work to test that feature, you’d need to resolve *.example.com to 127.0.0.1 so that you could test out different_usernames.example.com and make sure that your server-side code picks it up. – Quentin May 14 '23 at 14:57
- Sorry for the misunderstanding. I had tried using dnsmasq but it did not work on linux-ubuntu as expected. So if you need to resolve *.example.com to 127.0.0.1 for testing purposes you may need to follow another guide. If you need to effectively block all connections to a domain and its subdomains, you may consider using my guide. Tks – satosoft.com May 15 '23 at 02:31
- You can also go to dnsdumpster.com to get a list of all subdomains. It's just a matter of copy and paste. The hosts file needs to resolve a subdomain to a specific IP before transferring to 127.0.0.1. That's why using a wildcard is not possible in the hosts file. – satosoft.com May 15 '23 at 03:05
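The loop in the ufw answer above passes every line of ip_address.txt to `sudo ufw`, so stray spreadsheet content, Windows line endings or a loopback address end up in a privileged command. As an added example (not the answer author's code), this filter prints a rule only for unique, well-formed IPv4 addresses and reports the rest; `ufw_rules`, `sample_ip_list` and the documentation-range addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate an exported IP list before it reaches "sudo ufw".

# Constructed sample input: CRLF line ending, a duplicate, an out-of-range
# octet, a loopback address and a line carrying shell metacharacters.
sample_ip_list() {
    printf '192.0.2.10\r\n198.51.100.7\n192.0.2.10\n'
    printf '300.1.1.1\n127.0.0.1\n203.0.113.5; reboot\n\n'
}

# ufw_rules: read candidate addresses on stdin, print one
# "ufw deny out to <ip>" line per unique, well-formed IPv4 address and
# report everything else on stderr. Nothing is executed here.
ufw_rules() {
    tr -d '\r' | awk '
        { gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        {
            ok = ($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
            if (ok) {
                split($0, o, ".")
                for (i = 1; i <= 4; i++)
                    if (length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
            }
            # Never block loopback or the unspecified address.
            if (ok && (o[1] + 0 == 127 || $0 == "0.0.0.0")) ok = 0
            if (!ok) { print "skipped: " $0 > "/dev/stderr"; next }
            if (!seen[$0]++) print "ufw deny out to " $0
        }'
}

sample_ip_list | ufw_rules
```

After reviewing the printed lines, they can be applied with `ufw_rules < ip_address.txt | sudo sh`.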