Jach's personal blog

(Largely containing a mind-dump to myselves: past, present, and future)
Current favorite quote: "Supposedly smart people are weirdly ignorant of Bayes' Rule." William B Vogt, 2010

Minor apache adjustment

Figured I should do something about naked requests to this server's IP returning an old subdomain's content I don't really put anything on anymore. By default, Apache will use the first configuration it finds (reading vhost files alphabetically) if a request comes in without an associated domain name. Just so happened that the subdomain on another site was alphabetically first. Anyway, I looked up a fix, it seems to work, just put this at the top of that file:

<VirtualHost *:80>
ServerName default
RewriteRule ^ - [F]

Now naked requests return a 403 error, good. Amusingly this can be an issue for HTTPS too. Even though a secure connection by design requires a domain name, browsers can ignore the mismatch and curl can use -k flag and bots can do whatever. So the default response was for another site I recently setup that's alphabetically prior to this one. Solution is similar, but with Apache you must load an SSL key for the connection anyway, or things will break:

See Full Post and Comments