2

I just recently to see that many domain name (Polish, etc.) point to my dedicated server. It's by making a whois you can see that these areas are on the same IP as mine and on the same host.

I would like to avoid it and to authorize only mydomainname.com to connect to my site (I use Apache).

Thank you for your help

A.

Alex L.
  • 813
  • 2
  • 17
  • 34

2 Answers2

2

The first line of defense for unwanted traffic is IP filtering using a firewall. In your case, I believe you want to use mod_access which has an allow|deny by domain.

.htaccess

Order Deny,Allow
 Deny from all
 Allow from mydomainname.com

http://httpd.apache.org/docs/2.0/mod/mod_access.html

Chris Gessler
  • 22,727
  • 7
  • 57
  • 83
  • Ok, so I will use a firewall. Thanks. – Alex L. Mar 17 '12 at 08:23
  • A firewall will usually not be able to do this. It needs to be done on layer 5. It's much easier to just configure your web server to treat *unknown* hostnames ("named virtual hosts") with a **redirect** to `wikipedia.org` – Has QUIT--Anony-Mousse Mar 17 '12 at 17:43
  • Sorry... I wasn't thinking in terms of hostnames on the same machine, but forwarding all traffic to other servers you do not own is irresponsible. For example, what if someone decided to start a DOS attack on my server? I would then be redirecting the DOS attack on whomever I decided to redirect all my traffic to. – Chris Gessler Mar 18 '12 at 11:42
  • 1
    A DOS tool will usually ignore the response (just firing out requests as fast as possible) and not follow the redirect Anyway, the filter you proposed is a **source** filter. So it will only accept internal requests (even when they go the wrong domain), reject outside visitors. Probably not what he wanted. – Has QUIT--Anony-Mousse Mar 21 '12 at 07:07
1

I suggest you configure a "Name based virtual host" that will point your domain at your site, and point any others to a small application that serves up a "Invalid domain" page.

http://httpd.apache.org/docs/2.0/vhosts/name-based.html

Paul Grimshaw
  • 19,894
  • 6
  • 40
  • 59
  • Blindly forwarding all traffic to other servers you do not own is irresponsible. For example, what if someone decided to start a DOS attack on my server? I would then be redirecting the DOS attack on whoever I decided to redirect all my traffic to. It's Better to stop unwanted traffic, then force it upon someone else. – Chris Gessler Mar 18 '12 at 11:51
  • That's a valid point. I was assuming the incoming traffic would be genuine mistakes. I have edited the answer to correct this. – Paul Grimshaw Mar 18 '12 at 13:17
  • What do you think about a redirect to 127.0.0.1 ? – Chris Gessler Mar 19 '12 at 21:34