Minor apache adjustment

Figured I should do something about naked requests to this server's IP returning an old subdomain's content I don't really put anything on anymore. By default, Apache will use the first configuration it finds (reading vhost files alphabetically) if a request comes in without an associated domain name. Just so happened that the subdomain on another site was alphabetically first. Anyway, I looked up a fix, it seems to work, just put this at the top of that file:

<VirtualHost *:80>

  ServerName default

  RewriteRule ^ - [F]

</VirtualHost>

Now naked requests return a 403 error, good. Amusingly this can be an issue for HTTPS too. Even though a secure connection by design requires a domain name, browsers can ignore the mismatch and curl can use -k flag and bots can do whatever. So the default response was for another site I recently setup that's alphabetically prior to this one. Solution is similar, but with Apache you must load an SSL key for the connection anyway, or things will break:

<VirtualHost *:443>

  ServerName default

  Include /etc/letsencrypt/options-ssl-apache.conf

  SSLCertificateFile /etc/letsencrypt/live/thejach.com/fullchain.pem

  SSLCertificateKeyFile /etc/letsencrypt/live/thejach.com/privkey.pem

  Redirect 403 /

</VirtualHost>

Here I used a redirect for the 403 error instead of a rewrite rule, I think this is probably cleaner. (I first had it redirect to the blog here, but on second though, meh, just 403. Of course the cert itself shows this domain so nothing is hidden, but people shouldn't be requesting just the IP on port 443 anyway.)

Easy fixes, if a little awkward. I suspect Nginx does things nicer.

---

Posted on 2023-08-05 by Jach

Tags: fodder, tips

Permalink: https://www.thejach.com/view/id/419

Trackback URL: https://www.thejach.com/view/2023/8/minor_apache_adjustment

Back to the top