Jach's personal blog

(Largely containing a mind-dump to myselves: past, present, and future)
Current favorite quote: "Supposedly smart people are weirdly ignorant of Bayes' Rule." William B Vogt, 2010

Minor apache adjustment

Figured I should do something about naked requests to this server's IP returning an old subdomain's content I don't really put anything on anymore. By default, Apache will use the first configuration it finds (reading vhost files alphabetically) if a request comes in without an associated domain name. Just so happened that the subdomain on another site was alphabetically first. Anyway, I looked up a fix, it seems to work, just put this at the top of that file:

<VirtualHost *:80>
ServerName default
RewriteRule ^ - [F]

Now naked requests return a 403 error, good. Amusingly this can be an issue for HTTPS too. Even though a secure connection by design requires a domain name, browsers can ignore the mismatch and curl can use -k flag and bots can do whatever. So the default response was for another site I recently setup that's alphabetically prior to this one. Solution is similar, but with Apache you must load an SSL key for the connection anyway, or things will break:

<VirtualHost *:443>
ServerName default
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
Redirect 403 /

Here I used a redirect for the 403 error instead of a rewrite rule, I think this is probably cleaner. (I first had it redirect to the blog here, but on second though, meh, just 403. Of course the cert itself shows this domain so nothing is hidden, but people shouldn't be requesting just the IP on port 443 anyway.)

Easy fixes, if a little awkward. I suspect Nginx does things nicer.

Posted on 2023-08-05 by Jach

Tags: fodder, tips


Trackback URL:

Back to the top

Back to the first comment

Comment using the form below

(Only if you want to be notified of further responses, never displayed.)

Your Comment:

LaTeX allowed in comments, use $$\$\$...\$\$$$ to wrap inline and $$[math]...[/math]$$ to wrap blocks.