How to defend my apache2 server from anti DNS pinning and anti dns rebinding?
I work in company where is inform safety is important, but they only can test in one platform and tell me where is problem(
I am front-end and do not know how to defend my server ( Madly I hope that you will help with advice and show me the right path! Thank you very much in advance )
This is my
site.name.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName site.name
ServerAlias site.name
DocumentRoot /data/edu3/public
<Directory /data/edu3/>
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/apache2/options-ssl-apache.conf
SSLCertificateFile /data/ssl/u1.crt
SSLCertificateKeyFile /data/ssl/u1.key
</VirtualHost>
<VirtualHost *:443>
ServerName catchall
<Location />
Order allow,deny
Deny from all
</Location>
</VirtualHost>
</IfModule>
<VirtualHost 10.224.32.10:80>
ServerAdmin webmaster#localhost
ServerName site.name
DocumentRoot /data/edu3/public
<Directory /data/edu3/>
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost _default_:*>
ServerName catchall
<Location />
Order allow,deny
Deny from all
</Location>
</VirtualHost>
<VirtualHost 10.224.32.10:80>
ServerName catchall
<Location />
Order allow,deny
Deny from all
</Location>
</VirtualHost>
The easiest way is to add this virtualhost separately, and make sure that the virtualhost for the main website is using the ServerName directive.
<VirtualHost _default_:80>
ServerAdmin webmaster#localhost
DocumentRoot "/path/to/defaultpagedirectory"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log
</VirtualHost>
Basically what this does is that, it has a default page in the document root (you have to create it), it will serve that default page to the user if the Host header differs.
Related
I followed the How To Deploy a Flask Application on an Ubuntu VPS
and How To Install the Apache Web Server on Ubuntu 20.04
from Digital Ocean where my hosting is. I have two type A DNS records set up where the hostname is my URL with www and my URL without it, that direct to the value of my public IP.
I can change which address shows the correct information by changing ServerName to either my public IP, my website with www, or my website without www. How can I make it so that www.mywebsite.com and mywebsite.com both show correctly? A redirect surely can't be the right answer?
Here is the conf file: /etc/apache2/sites-available/FlaskApp.conf
<VirtualHost *:80>
ServerName www.mywebsite.com
ServerAdmin admin#mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
I tried adding a permanent redirect it didn't work.
<VirtualHost *:80>
ServerName www.mywebsite.com
Redirect permanent / http://mywebsite.com/
ServerAdmin admin#mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
For anyone else with this problem I found a solution by adding a server alias:
<VirtualHost *:80>
ServerName www.mywebsite.com
ServerAlias mywebsite.com
ServerAdmin admin#mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
I have a little problem.
I have a VPS configured with Apache, I have 2 VH, one is mydomain.com and other is subdomain.mydomain.com
Problem is that whenever I type the VPS IP in the browser, it goes to the subdomain. Is there a way to default this to the main domain?
I've created a folder called sites-enabled which contains both configuration files, they look something like this.
example.net.conf:
<VirtualHost *:80>
ServerName example.net
ServerAlias www.example.net
DocumentRoot /var/www/example.net
<Directory /var/www/example.net>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
</Directory>
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
</FilesMatch>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
admin.example.net.conf:
<VirtualHost *:80>
ServerName admin.example.net
DocumentRoot /var/www/admin.example.net
DirectoryIndex index.html
ErrorLog ${APACHE_LOG_DIR}/admin.example.net.log
CustomLog ${APACHE_LOG_DIR}/admin.example.net.log combined
</VirtualHost>
How can I set the first one to be the default?
place the below code in the 000-default.conf file
<VirtualHost *:80>
DocumentRoot /var/www/example.net
<Directory /var/www/example.net>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
</Directory>
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
</FilesMatch>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
I am trying to get this virtualhost working on apache + ubuntu. I want it to work without a real domainname but by ip and the path. It is now not getting activated. Is it possible to use the serverName like this or are only domain names valid?
<VirtualHost *:80>
serverName 37.35.66.98/just-do-it/
DocumentRoot /var/www/html/just-do-it/web
<Directory /var/www/html/just-do-it/web>
AllowOverride All
Order Allow,Deny
Allow from All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Remove path portion from server name, then this should work
<VirtualHost *:80>
serverName 37.35.66.98
DocumentRoot /var/www/html/just-do-it/web
<Directory /var/www/html/just-do-it/web>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Order Allow,Deny
Allow from All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
do not forget to add your server name in /etc/hosts file
I am using Ubuntu 16.04.1 with Apache2.4.7
I enabled both the sites using a2ensite and reloaded apache2. It reloads successfully, but always shows sitea even for siteb.com or www.siteb.com
sitea.conf has following content:
<VirtualHost *:80>
ServerName sitea.com
ServerAlias www.sitea.com
ServerAdmin webmaster#localhost
ServerRoot /home/sitea/
DocumentRoot /home/sitea/www
<Directory /home/sitea/www>
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
siteb.conf has following content:
<VirtualHost *:80>
ServerName siteb.com
ServerAlias www.siteb.com
ServerAdmin webmaster#localhost
ServerRoot /home/siteb/
DocumentRoot /home/siteb/www
<Directory /home/siteb/www>
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Please suggest what am I doing wrong.
I currently have one domain set up on my LAMP server, and I want to add another one. I tried doing it myself but when I ran into issues, I follow this. I had example.com set up and it was working fine, all traffic would redirect to its https and I want to continue that.
However, the second domain I'm using (represented by test.ca) is still going to example.com. I was hoping someone could inform me what I am doing wrong. Should test.ca be a folder within example.com? and how do you point to it? Is it cause I redirect traffic to https://example.com for the ssl so all traffic just goes there?
/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:80>
ServerName test.ca
Redirect permanent / http://test.ca
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/ssl/localcerts/example.com.crt
SSLCertificateKeyFile /etc/ssl/localcerts/example.com.key
SSLCACertificateFile /etc/ssl/localcerts/intermediate.crt
ServerAdmin example#gmail.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html/example.com/public_html/
ErrorLog /var/www/html/example.com/logs/error.log
CustomLog /var/www/html/example.com/logs/access.log combined
<Directory /var/www/html/example.com/>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin example#gmail.com
ServerName test.ca
ServerAlias www.test.ca
DocumentRoot /var/www/html/test.ca/public_html/
ErrorLog /var/www/html/test.ca/logs/error.log
CustomLog /var/www/html/test.ca/logs/access.log combined
<Directory /var/www/html/test.ca/>
Require all granted
</Directory>
</VirtualHost>
/etc/apache2/sites-available/example.com.conf
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/ssl/localcerts/example.com.crt
SSLCertificateKeyFile /etc/ssl/localcerts/example.com.key
SSLCACertificateFile /etc/ssl/localcerts/intermediate.crt
ServerAdmin example#gmail.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html/example.com/public_html/
ErrorLog /var/www/html/example.com/logs/error.log
CustomLog /var/www/html/example.com/logs/access.log combined
<Directory /var/www/html/example.com/>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>
</VirtualHost>
/etc/apache2/sites-available/test.ca.conf
<VirtualHost *:80>
ServerName test.ca
Redirect permanent / http://test.ca
</VirtualHost>
<VirtualHost *:444>
ServerAdmin example#gmail.com
ServerName test.ca
ServerAlias www.test.ca
DocumentRoot /var/www/html/test.ca/public_html/
ErrorLog /var/www/html/test.ca/logs/error.log
CustomLog /var/www/html/test.ca/logs/access.log combined
<Directory /var/www/html/test.ca/>
Require all granted
</Directory>
</VirtualHost>
You might want to change the header of the Virtualhost from
<VirtualHost *:444>
to
<VirtualHost *:443>
as a start, or it must be your intentions to link to that port instead of the default https port.