How do you block virtual hosts that don't exist?

Discussion in 'General Discussion' started by alphawolf50, Dec 13, 2011.

  1. alphawolf50

    alphawolf50 Well-Known Member

    Hi,

    I've got a problem with a site we host. We obtained a new IP address and moved a client to that dedicated IP address, and that all works fine. However, that IP address used to belong to someone else, and that person's DNS A records still point to that IP. The server happily serves up pages from the actual domain when people request pages for the non-existent domain. So:

    http://www.mydomain.com/ <-correct, and returns the index like it's supposed to.
    http://www.notmydomain.com/ <- incorrect, but returns the index from www.mydomain.com.

    How do I stop this? So far my only solution has been to use .htaccess to do a 301 redirect back to the proper domain... but I don't like this because the "notmydomain" is not affiliated in any way to the real domain. I've also tried doing mod_rewrite rules that return a 410 error when not accessing the proper domain, but this causes an infinite recursion because Apache tries to serve an error document from the domain that .htaccess says it should not.

    Any ideas? Ideally httpd.conf would have a rule to reject the request when someone is looking for a non-existent virtual host, and it would send whichever HTTP error code is appropriate.
     
  2. ruzbehraja

    ruzbehraja Well-Known Member

  3. alphawolf50

    alphawolf50 Well-Known Member

    That had absolutely nothing to do with the problem I described. The problem is that a DNS record exists for a domain I do not control which points to an IP address I do control -- and Apache is serving content from that IP address despite the fact that the name of the virtual host does not match the host that is being called.

    Example:
    DNS Record: www.mydomain.com -> 1.2.3.4
    DNS Record: www.notmydomain.com -> 1.2.3.4
    Virtual Host: www.mydomain.com (1.2.3.4)

    Now someone types "www.notmydomain.com" into their browser, and their computer finds 1.2.3.4 listed as the IP address. So it makes an HTTP request that looks something like this:
    Code:
    GET /
    Host: www.notmydomain.com
    Connection: Keep-alive
    Accept: */*
    ...
    This request hits my server, since it holds the IP address 1.2.3.4. However, www.notmydomain.com does not exist on this server. Instead of rejecting the connection, Apache serves content from www.mydomain.com. How does one prevent this?
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Unfortunately, you cannot block a domain at the iptables (firewall) level due to how iptables functions, since it blocks by IP rather than domain name.

    You have a few options:

    1) You could try adding a VirtualHost entry onto your machine for that domain and have it go elsewhere.
    2) You could create a rewrite rule on the existing domain's .htaccess to have requests for that domain that is not yours go elsewhere.
    3) You could try creating a deny rule in the .htaccess file of the existing domain to have the domain that is not yours denied (I'm not entirely certain if this is possible based on how the request is processed, but it could be tried).
     
  5. alphawolf50

    alphawolf50 Well-Known Member

    Hi cPanelTristan,

    Thanks for the input. I had tried .htaccess rules previously, but what you said gave me an idea that works well enough for me:

    # Redirect any request whose Host header does not end in mydomain.com
    RewriteCond %{HTTP_HOST} !mydomain\.com$ [NC]
    RewriteRule .* http://0.0.0.0/ [L,R=301]

    Now if someone tries to connect using a host that doesn't exist, it sends them to an IP that doesn't exist :)
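
The server-level rule asked for in the first post, along the lines of option 1 in post 4, as an added example that is not part of any post in this thread: Apache hands a request whose Host header matches no ServerName or ServerAlias to the first virtual host defined for that IP and port, so a deny-all catch-all placed first stops www.mydomain.com from answering for other names. The IP and domain names are the thread's placeholders; the `unknown-host.invalid` name, both DocumentRoot paths and where the block goes in the server's configuration are assumptions.

```apache
# Added example. 1.2.3.4 and the domain names are the thread's placeholders;
# unknown-host.invalid and both DocumentRoot paths are assumed values.

# Apache 2.2 needs this for name-based virtual hosts; Apache 2.4 ignores it.
NameVirtualHost 1.2.3.4:80

# Catch-all: must be the FIRST <VirtualHost> for this IP:port. Apache falls
# back to the first one when no ServerName/ServerAlias matches the Host header.
<VirtualHost 1.2.3.4:80>
    ServerName unknown-host.invalid
    DocumentRoot /var/www/empty

    # Plain-text error body, so Apache does not fetch a local error page
    # (avoids the error-document loop described in the first post).
    ErrorDocument 403 "Unknown host"

    <Location />
        # Apache 2.4 syntax
        Require all denied
        # Apache 2.2 equivalent:
        # Order allow,deny
        # Deny from all
    </Location>
</VirtualHost>

# The real site: now reached only when the Host header names it.
<VirtualHost 1.2.3.4:80>
    ServerName www.mydomain.com
    ServerAlias mydomain.com
    DocumentRoot /home/user/public_html
</VirtualHost>
```

After reloading, `apachectl -S` should list the catch-all as the default server for 1.2.3.4:80, and `curl -H 'Host: www.notmydomain.com' http://1.2.3.4/` should return 403 while the same request with `Host: www.mydomain.com` returns the site.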
     