Restricting direct access to ip address giving error - apache

I'm trying to restrict direct access to my website through its IP address. I only want to let people see my website through the domain.
When I did some research I found one solution.
I added a new VirtualHost in apache2 sites-available with my domain name and it worked with http://IP-ADDRESS, but when someone tries https://IP-ADDRESS the site can still be accessed.
So I added another VirtualHost with port 433 to restrict https access too, but it gives an error.
My VirtualHost:
<VirtualHost *:80>
ServerName 157.245.247.15
ServerAlias localhost
ServerAdmin admin@localhost
DocumentRoot /var/www/my-site.com
<Location />
Order Allow,Deny
Deny from All
</Location>
ErrorLog ${APACHE_LOG_DIR}/157.245.247.15-error.log
CustomLog ${APACHE_LOG_DIR}/157.245.247.15-access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName 157.245.247.15
ServerAlias localhost
ServerAdmin admin@localhost
DocumentRoot /var/www/my-site.com
<Location />
Order Allow,Deny
Deny from All
</Location>
ErrorLog ${APACHE_LOG_DIR}/157.245.247.15-error.log
CustomLog ${APACHE_LOG_DIR}/157.245.247.15-access.log combined
</VirtualHost>
Error:
This site can’t provide a secure connection
157.245.247.15 sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
Now I cannot access my website by either IP or domain due to the SSL protocol error. How can it be solved?
My main goal is to block direct access to IP address in http or https.
My OS : Ubuntu
Web Server : Apache
Thanks

First of all, you shouldn't use an IP address as ServerName or ServerAlias. You should use an FQDN (resolved by DNS or by an entry in your hosts file).
Second: I can't see any configuration for HTTPS. Where are the key, certificate and chain configured?
Third: your configuration is denying access to everything
<Location />
Order Allow,Deny
Deny from All
</Location>
and not giving access to anything else.
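A configuration that follows the three points above, added here as an example and not taken from the original posts: a default vhost on each port that refuses every request, with TLS actually configured on 443, and the site itself in vhosts named by its FQDN. It uses Apache 2.4 access syntax (`Require`); `my-site.com`, `catchall.invalid`, the file names and all certificate paths are assumed placeholders.

```apache
# Added example; hostnames, file names and certificate paths are placeholders.
# Save as sites-available/000-catchall.conf so it is loaded before the site's
# own vhost: the first vhost on each address:port is the default that receives
# requests whose Host header (or TLS SNI name) matches no ServerName.

<VirtualHost *:80>
    # Never requested by name; exists only to be the default on port 80
    ServerName catchall.invalid
    <Location />
        Require all denied
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName catchall.invalid
    # Without SSLEngine and a certificate this vhost answers in plain HTTP
    # on 443, which browsers report as ERR_SSL_PROTOCOL_ERROR.
    SSLEngine on
    # Self-signed placeholder pair, so a client connecting by IP is not
    # handed the real site's certificate
    SSLCertificateFile    /etc/ssl/certs/catchall-selfsigned.pem
    SSLCertificateKeyFile /etc/ssl/private/catchall-selfsigned.key
    <Location />
        Require all denied
    </Location>
</VirtualHost>

# The real site, matched by name (e.g. sites-available/my-site.com.conf)
<VirtualHost *:80>
    ServerName my-site.com
    DocumentRoot /var/www/my-site.com
</VirtualHost>

<VirtualHost *:443>
    ServerName my-site.com
    DocumentRoot /var/www/my-site.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/my-site.com-fullchain.pem
    SSLCertificateKeyFile /etc/ssl/private/my-site.com.key
</VirtualHost>
```

After reloading, `apachectl -S` lists which vhost is the default on each port.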

Related

Apache disable localhost redirection

I have a problem with the Apache conf in Laragon.
The case is:
I have 2 subdomains
subdom1.mysite.com (DNS Record to IP 1.2.3.4)
subdom2.mysite.com (DNS Record to IP 1.2.3.4)
IP 1.2.3.4 is my VPS.
Everything went well, but I have a problem.
When I access 'localhost' from my VPS, it keeps redirecting to subdom1.mysite.com
and localhost/phpMyAdmin is also redirected to subdom1.mysite.com/phpMyAdmin.
Here's my httpd.conf:
Define APACHE_LOG_DIR "C:/mydir/logs"
Define APACHE_ROOT_WEB_DIR "C:/mydir/wwwroot"
ServerName localhost
DocumentRoot "C:/mydir/wwwroot"
<Directory "C:/mydir/wwwroot">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<VirtualHost *:80>
ServerName subdom1.mysite.com
ServerAlias subdom1.mysite.com
DocumentRoot ${APACHE_ROOT_WEB_DIR}\subdom1.mysite.com
ErrorLog ${APACHE_LOG_DIR}/subdom1.mysite.com-error.log
CustomLog ${APACHE_LOG_DIR}/subdom1.mysite.com-access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName subdom2.mysite.com
ServerAlias subdom2.mysite.com
DocumentRoot ${APACHE_ROOT_WEB_DIR}\subdom2.mysite.com
ErrorLog ${APACHE_LOG_DIR}/subdom2.mysite.com-error.log
CustomLog ${APACHE_LOG_DIR}/subdom2.mysite.com-access.log combined
</VirtualHost>
My localhost keeps redirecting to the first vHost. I've googled lots of combinations of directory, ServerName etc., but no luck.
Your VirtualHosts are binding to all available interfaces. Because of how Apache determines which VHost a request should be routed to, it's ending up in the first one defined.
You can either:
Bind your subdomains to the external ip only.
Create a VirtualHost for the main server using the loopback ip.
Create a VirtualHost with the _default_ address.
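The first two options combined, as an added example that is not part of the original answer: the subdomains are bound to the external address and `localhost` gets its own loopback vhost. The address 1.2.3.4 and the `Define`d variables come from the question; listing `[::1]:80` as well is an assumption that `localhost` may resolve to IPv6 on the VPS.

```apache
# Added example, not from the original posts. 1.2.3.4 is the VPS address used
# in the question; if the VPS is behind NAT, use the address that is actually
# assigned to its network interface instead.

# Loopback requests match this more specific address before any wildcard,
# so http://localhost/ no longer falls through to the first subdomain vhost.
# The main server's <Directory> block still applies to this vhost.
<VirtualHost 127.0.0.1:80 [::1]:80>
    ServerName localhost
    DocumentRoot "${APACHE_ROOT_WEB_DIR}"
</VirtualHost>

# Subdomains answer only on the external address.
<VirtualHost 1.2.3.4:80>
    ServerName subdom1.mysite.com
    DocumentRoot "${APACHE_ROOT_WEB_DIR}/subdom1.mysite.com"
    ErrorLog "${APACHE_LOG_DIR}/subdom1.mysite.com-error.log"
    CustomLog "${APACHE_LOG_DIR}/subdom1.mysite.com-access.log" combined
</VirtualHost>

<VirtualHost 1.2.3.4:80>
    ServerName subdom2.mysite.com
    DocumentRoot "${APACHE_ROOT_WEB_DIR}/subdom2.mysite.com"
    ErrorLog "${APACHE_LOG_DIR}/subdom2.mysite.com-error.log"
    CustomLog "${APACHE_LOG_DIR}/subdom2.mysite.com-access.log" combined
</VirtualHost>
```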

How do I hide the IP & port in my URL with Apache?

Some information:
If I go to mysite.com:9999 I get my site as 45.40.45.40:9999, where 45.40.45.40 is the public IP of my router, followed by the non-standard port used to connect to my Apache server running on Ubuntu in VirtualBox.
I use DNS redirect from namecheap.com in order to redirect mysite.com to my public_ip:used_port_to_connect_Apache, so it will be like so: 45.40.45.40:9999 in the URL after I get connected.
My question is: how can I convert/return the '45.40.45.40:9999' to the original domain name, which is mysite.com only?
What do I need to do? Is this an Apache configuration setting somewhere? It is a Virtual Host on an Apache server.
/etc/apache2/sites-available/mysite.com.conf:
Listen 9999
<VirtualHost *:9999>
<Directory /var/www/mysite.com/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
ServerAdmin info@mysite.com
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /var/www/mysite.com/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Two servers with mod_proxy, second server host is local ip and shows /proxy/ in url?

I am having some issues in regards to sessions with a second server I am running on my home network. I do this as a hobby and to develop new applications before they officially go live.
I have a domain pointing to my ip and resolves successfully to server 1, but after configuring mod_proxy to send specific domains to server 2 I am getting some unwanted errors and results. I want the second server to act as a normal server and just go through the first server since my current router can only send port 80 to one local ip and not filter it.
I have a.mydomain.com for my second server and it resolves fine, but when I try to use a web application on this second server I get the following error:
Warning: You are now accessing Mydomain from http://10.0.1.38/, but Mydomain has been configured to run at this address: http://a.mydomain.com/
Can I fix this?
Also, when trying to access phpmyadmin via a.mydomain.com/phpmyadmin, it will change to a.mydomain.com/proxy/phpmyadmin after logging in. Can I change this so that it's basically seamless and does not add /proxy?
Here is my vhost config for server 1
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName www.server1domain.net
</VirtualHost>
<VirtualHost *:80>
ProxyPreserveHost On
ServerName a.mydomain.com
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://10.0.1.38/
ProxyPassReverse / http://10.0.1.38/
</VirtualHost>
Here is the vhost config for server 2
<VirtualHost *:80>
ServerAdmin admin@mydomain.com
DocumentRoot /var/www/mydomaincom
ServerName a.mydomain.com
</VirtualHost>
I am running Centos 6.4
Alright I finally figured this out, some of the stuff is a little obvious now but this works for anyone else in a similar situation.
So earlier in my http.conf I had this
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# destination directory
ProxyPass /proxy http://10.0.1.38
ProxyPassReverse /proxy http://10.0.1.38
</IfModule>
There seem to be two problems with this: it seems to add the /proxy/ directory, and it is also wrong since the IP does not have a trailing slash, so I changed it to this
<IfModule mod_proxy.c>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
</IfModule>
And my http.conf vhost config for the first server looks like this now
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://10.0.1.38/
ServerName a.mydomain.com
</VirtualHost>
If you forget the trailing slash after the ip you will most likely end up with 502 errors: Could not resolve dns
The second server's vhost config looks like this
<VirtualHost *:80>
ServerAdmin admin@mydomain.com
DocumentRoot /var/www/mydomain
ServerName a.mydomain.com
</VirtualHost>
Hope that helps anyone else with similar issues.

Multiple Apache Location directives for same path

I have a web application currently being served on two HTTPS ports - let's say 443 and 8443. The application has an Apache HTTP server as the front end and I am running into trouble setting up Apache config to exclude certain paths on one of the ports. I have my config set up as below in Apache
<Location /MyApp>
AuthType SOME_AUTH_MODULE
require user valid-user
</Location>
<Location ~ "/MyApp/(Login.html|Welcome.html)">
Satisfy Any
Allow from all
AuthType None
Require all granted
</Location>
I have my virtual hosts setup in Apache as below
<VirtualHost _default_:443>
DocumentRoot /path/to/my/files
Servername www.example.com:443
Other details go here
</VirtualHost>
<VirtualHost _default_:8443>
DocumentRoot /path/to/my/files
Servername www.example.com:8443
Other details go here
</VirtualHost>
What are the expected problems with the above configuration, considering that the Location directive doesn't take host and port information? Does the Location directive use the first matching entry, or will it use one after the other?
More details for folks who know Shibboleth
The first Location entry allows users to access the application in an SSO (Single Sign On) environment. The second entry is designed to allow users to access the same virtual host on a different port (8443) without going through SSO. What we are seeing is, the request headers are lost towards the end of the processing chain. When I remove the second Location entry all works fine.
Put the /Location directive inside the vhost directive you want to secure.
<VirtualHost _default_:443>
DocumentRoot /path/to/my/files
Servername www.example.com:443
<Location /MyApp>
AuthType SOME_AUTH_MODULE
require user valid-user
</Location>
Other details go here
</VirtualHost>
<VirtualHost _default_:8443>
DocumentRoot /path/to/my/files
Servername www.example.com:8443
Other details go here
</VirtualHost>

Apache/Tomcat/Railo: Setting up two sites with same domain but two different ports

I have successfully set up Railo with Tomcat and Apache for a website on port 80. I'm however struggling to set another up that uses the same domain but a port other than 80.
I have the second site set up on port 9080 and with an SSL certificate and basic authentication. I can access it and get the SSL certificate and authentication prompt but once I get through that, Railo is outputting the default page (located at /opt/railo/tomcat/webapps/ROOT/index.cfm).
It's as if Tomcat is not getting from Apache the servername for the second site so Railo knows what docbase to use. Is it because I'm trying to use the same domain? Do I need to specify port 9080 somewhere in the Tomcat configuration?
I have pasted my configuration below. Any help is much appreciated.
Apache:
<VirtualHost *:80>
ServerName sitename
ServerAlias domainname
DirectoryIndex index.cfm index.html index.htm
DocumentRoot "/web/sitename"
<Directory "/web/sitename">
allow from all
Options +Indexes
</Directory>
</VirtualHost>
Listen 9080
<VirtualHost *:9080>
ServerName sitename2
ServerAlias domainname
DirectoryIndex index.cfm index.html index.htm
SSLEngine on
SSLCertificateFile /web/ssl/server.crt
SSLCertificateKeyFile /web/ssl/server.key
DocumentRoot "/web/sitename2"
<Directory "/web/sitename2">
allow from all
Options -Indexes
AuthName .. basic auth settings ..
</Directory>
</VirtualHost>
Tomcat (server.xml):
<Host name="sitename" appBase="webapps">
<Context path="" docBase="/web/sitename" />
</Host>
<Host name="sitename2" appBase="webapps">
<Context path="" docBase="/web/sitename2" />
</Host>
The problem here is the Tomcat config. You cannot have two hosts with the same "sitename". One will override the other. Ideally, you would be able to get Tomcat to listen to multiple ports, just like you can with Apache, but Coyote (Tomcat's web server) is not as advanced as Apache is in terms of this kind of functionality. Most of the recommendations I've seen regarding running Tomcat on multiple ports suggest running separate instances of Tomcat on the same machine, so that's what I'd recommend to you as well, as it seems to be what's generally accepted.
If you installed a second instance of Tomcat and installed Railo on it, you could configure Apache to pass requests coming in to your second virtual host to your second instance of Tomcat. For example, you could have your second instance of Tomcat listen with its AJP listener to port 9009 instead of 8009, and then configure your Apache virtual host to proxy requests to port 9009, thus hitting your second instance of Tomcat.
Then, in your second instance, you could create the same host entries but with the different docbase attribute.
For example:
<VirtualHost *:80>
ServerName sitename
ServerAlias domainname
DirectoryIndex index.cfm index.html index.htm
DocumentRoot "/web/sitename"
<Directory "/web/sitename">
allow from all
Options +Indexes
</Directory>
<Proxy *>
Allow from 127.0.0.1
</Proxy>
ProxyPreserveHost On
ProxyPassMatch ^/(.+\.cf[cm])(/.*)?$ ajp://localhost:8009/$1$2
</VirtualHost>
Listen 9080
<VirtualHost *:9080>
ServerName sitename2
ServerAlias domainname
DirectoryIndex index.cfm index.html index.htm
SSLEngine on
SSLCertificateFile /web/ssl/server.crt
SSLCertificateKeyFile /web/ssl/server.key
DocumentRoot "/web/sitename2"
<Directory "/web/sitename2">
allow from all
Options -Indexes
AuthName .. basic auth settings ..
</Directory>
<Proxy *>
Allow from 127.0.0.1
</Proxy>
ProxyPreserveHost On
ProxyPassMatch ^/(.+\.cf[cm])(/.*)?$ ajp://localhost:9009/$1$2
</VirtualHost>
It's not a simple answer for what you're doing, but it will accomplish your goal.
-Jordan