2

We have a website, example.com, on Digital Ocean. It seems there is a user that used to have our IP address that has enabled domain masking for their site, or they are just pointing their domain, domain.com, to our site. We do not want domain.com displaying our website, so I would like to block domain.com.

I tried using this guide: https://perishablepress.com/eight-ways-to-blacklist-with-apaches-mod_rewrite/ , but it seems like this doesn't work with domain masking.

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?domain(-|.).*$  [NC]
    RewriteRule ^(.*)$ - [F,L]
</IfModule>

I saw this example: https://serverfault.com/questions/796674/block-masking-url-from-nginx/ , but I don't know how to translate this to Apache.

LucyTurtle
  • The usual approach is not a black list which you will have to manage actively, but to configure explicit hosts for your valid host names ("domains") and apache's default host for everything else which you can then simply block. – arkascha Dec 11 '18 at 20:45
  • @arkascha how would I do that? – LucyTurtle Dec 11 '18 at 20:45
  • You can configure arbitrary "hosts" inside the apache http server. The first one defined in your configuration is considered the default, all requests to host names for which _no_ explicit host is defined will get served by that default host. So go, define an explicit host for the valid host names you want to serve as _second_ host and a default host which simply blocks all requests. – arkascha Dec 11 '18 at 20:48
  • I suggest you start reading the documentation. It is of excellent quality, as typical for OpenSource software, and comes with great examples. – arkascha Dec 11 '18 at 20:48
  • @arkascha I have added a servername to my VirtualHost and added a default host, but this still doesn't seem to block out domain.com. Maybe I'm doing something wrong. Could you possibly post an example? – LucyTurtle Dec 11 '18 at 21:04
  • Take care with the order of the hosts. The _first_ host read by the starting http server acts as default host. You can also check which host serves an actual request by simply monitoring their respective access log files. – arkascha Dec 11 '18 at 21:10
  • @arkascha I had them in the right order but I think I messed something up. Not sure what I did but it's working now. Thank you! – LucyTurtle Dec 11 '18 at 21:26

1 Answer

6

@arkascha suggested that I use Apache's virtual hosts to get this job done.

The idea is to make your default host deny access, and then add another virtual host that will allow access to your domain. This means there is no blacklist, but a whitelist instead. This prevents any future or unknown domains from causing similar issues.

Here is the content of my etc/apache2/sites-available/000-default.conf, which successfully blocked traffic from domain.com, and allowed traffic from example.com:

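# Default (first-listed) virtual host: receives every request whose Host
# header is not claimed by another virtual host, and refuses it.
<VirtualHost *:80>
    ServerName catchall
    <Location />
        Require all denied
    </Location>
</VirtualHost>

# The real site: only requests for these host names are served.
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    ServerAdmin webmaster@example.com
    DocumentRoot /var/www/html/public

    <Directory /var/www/html/public>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        # Apache 2.4 access control, same Require syntax as the catch-all host.
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>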
LucyTurtle
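
The selection rule that the comments and the answer rely on, as an added example (not code from the original post or from Apache): a simplified Python model of name-based virtual host matching, showing why the catch-all host must be listed first. The function names and the reversed config are assumptions for illustration; only ServerName, ServerAlias and `Require all denied` on a single address and port are modelled.

```python
import re
from fnmatch import fnmatchcase

# Constructed configs: the answer's two hosts, trimmed to the directives that
# decide routing, in the working order and in the reversed order.
CATCHALL = """<VirtualHost *:80>
    ServerName catchall
    <Location />
        Require all denied
    </Location>
</VirtualHost>
"""
SITE = """<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
</VirtualHost>
"""
CONFIG = CATCHALL + SITE        # catch-all first: it is the default host
SITE_FIRST = SITE + CATCHALL    # site first: the site becomes the default

def parse_vhosts(text):
    """Return the virtual hosts in file order with their names and deny flag."""
    vhosts = []
    for body in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", text, re.S | re.I):
        names = []
        for _, args in re.findall(r"^\s*(ServerName|ServerAlias)\s+(.+)$", body, re.M | re.I):
            names += args.lower().split()
        denied = re.search(r"^\s*Require\s+all\s+denied\s*$", body, re.M | re.I) is not None
        vhosts.append({"names": names, "denied": denied})
    return vhosts

def respond(config_text, host_header):
    """Return (ServerName of the host that answers, HTTP status) for a Host header."""
    vhosts = parse_vhosts(config_text)
    host = host_header.lower().split(":")[0]          # names compare without port or case
    for vhost in vhosts:
        # ServerAlias may contain * and ? wildcards, so match as patterns.
        if any(fnmatchcase(host, name) for name in vhost["names"]):
            break
    else:
        vhost = vhosts[0]                             # no name matched: first-listed host
    return vhost["names"][0], 403 if vhost["denied"] else 200

if __name__ == "__main__":
    for cfg_name, cfg in (("catch-all first", CONFIG), ("site first", SITE_FIRST)):
        for host in ("example.com", "www.example.com", "domain.com"):
            print(cfg_name, host, respond(cfg, host))
```

With the site listed first, a request for domain.com falls through to the example.com host and is served, which is the behaviour the question describes.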