How to defend Apache2 from anti DNS pinning and anti DNS rebinding?

How to defend my Apache2 server from anti DNS pinning and anti DNS rebinding?
I work in a company where information security is important, but they can only test on one platform and tell me where the problem is.
I am a front-end developer and do not know how to defend my server. I really hope that you will help with advice and show me the right path! Thank you very much in advance.
This is my site.name.conf:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName site.name
ServerAlias site.name
DocumentRoot /data/edu3/public
<Directory /data/edu3/>
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/apache2/options-ssl-apache.conf
SSLCertificateFile /data/ssl/u1.crt
SSLCertificateKeyFile /data/ssl/u1.key
</VirtualHost>
<VirtualHost *:443>
ServerName catchall
<Location />
Order allow,deny
Deny from all
</Location>
</VirtualHost>
</IfModule>
<VirtualHost 10.224.32.10:80>
ServerAdmin webmaster@localhost
ServerName site.name
DocumentRoot /data/edu3/public
<Directory /data/edu3/>
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost _default_:*>
ServerName catchall
<Location />
Order allow,deny
Deny from all
</Location>
</VirtualHost>
<VirtualHost 10.224.32.10:80>
ServerName catchall
<Location />
Order allow,deny
Deny from all
</Location>
</VirtualHost>

The easiest way is to add this virtualhost separately, and make sure that the virtualhost for the main website is using the ServerName directive.
<VirtualHost _default_:80>
ServerAdmin webmaster@localhost
DocumentRoot "/path/to/defaultpagedirectory"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Basically, this has a default page in the document root (you have to create it), and it will serve that default page to the user if the Host header differs.
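Apache falls back to the first virtual host listed for an address:port when the Host header matches no ServerName or ServerAlias, so the order of the blocks decides whether the catch-all in the question is ever reached. The Python sketch below is an added example, not code from the question or the answer; it is a simplified model of that selection (exact names only, no wildcard aliases, no precedence between a specific IP and `*`), and the sample config, the function names and the `unlisted.example` host are constructed for illustration.

```python
import re

# Constructed sample: the question's two *:443 vhosts, in the question's order,
# cut down to the directives that decide Host-header routing.
SAMPLE = """\
<VirtualHost *:443>
ServerName site.name
ServerAlias site.name
DocumentRoot /data/edu3/public
</VirtualHost>
<VirtualHost *:443>
ServerName catchall
<Location />
Order allow,deny
Deny from all
</Location>
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)
DENY_RE = re.compile(r"^\s*(?:Deny\s+from\s+all|Require\s+all\s+denied)\s*$", re.M | re.I)

def parse_vhosts(conf):
    """Vhosts in file order: listen address, names, and whether all access is denied."""
    return [{"addr": addr.strip(),
             "names": [n.lower() for line in NAME_RE.findall(body) for n in line.split()],
             "denies_all": bool(DENY_RE.search(body))}
            for addr, body in VHOST_RE.findall(conf)]

def select_vhost(vhosts, addr, host):
    """First vhost on addr naming the Host header, else the first vhost listed on addr."""
    group = [v for v in vhosts if v["addr"] == addr]
    host = host.split(":")[0].lower()
    named = [v for v in group if host in v["names"]]
    return (named or group or [None])[0]

def serves_unknown_host(vhosts, addr, host="unlisted.example"):
    """True when a Host header matching no ServerName/ServerAlias still gets content."""
    v = select_vhost(vhosts, addr, host)
    return v is not None and not v["denies_all"]

def catchall_first(conf):
    """Return only the vhost blocks, deny-all ones moved to the front (stable sort)."""
    blocks = [m.group(0) for m in VHOST_RE.finditer(conf)]
    return "\n".join(sorted(blocks, key=lambda b: DENY_RE.search(b) is None))

if __name__ == "__main__":
    print("as posted:", serves_unknown_host(parse_vhosts(SAMPLE), "*:443"))
    print("catch-all first:", serves_unknown_host(parse_vhosts(catchall_first(SAMPLE)), "*:443"))
```

With the blocks in the posted order the unknown Host is served by site.name; with the deny-all block listed first it is refused while `Host: site.name` still reaches the real site.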

Related

My website URL with www shows the correct content but shows the Apache2 Ubuntu Default page without www. How do I correct this?

I followed the How To Deploy a Flask Application on an Ubuntu VPS
and How To Install the Apache Web Server on Ubuntu 20.04
from Digital Ocean where my hosting is. I have two type A DNS records set up where the hostname is my URL with www and my URL without it, that direct to the value of my public IP.
I can change which address shows the correct information by changing ServerName to either my public IP, my website with www, or my website without www. How can I make it so that www.mywebsite.com and mywebsite.com both show correctly? A redirect surely can't be the right answer?
Here is the conf file: /etc/apache2/sites-available/FlaskApp.conf
<VirtualHost *:80>
ServerName www.mywebsite.com
ServerAdmin admin@mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
I tried adding a permanent redirect; it didn't work.
<VirtualHost *:80>
ServerName www.mywebsite.com
Redirect permanent / http://mywebsite.com/
ServerAdmin admin@mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
For anyone else with this problem I found a solution by adding a server alias:
<VirtualHost *:80>
ServerName www.mywebsite.com
ServerAlias mywebsite.com
ServerAdmin admin@mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Set a default Virtual Host in Apache using Debian 10

I have a little problem.
I have a VPS configured with Apache. I have 2 VHs: one is mydomain.com and the other is subdomain.mydomain.com.
Problem is that whenever I type the VPS IP in the browser, it goes to the subdomain. Is there a way to default this to the main domain?
I've created a folder called sites-enabled which contains both configuration files, they look something like this.
example.net.conf:
<VirtualHost *:80>
ServerName example.net
ServerAlias www.example.net
DocumentRoot /var/www/example.net
<Directory /var/www/example.net>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
</Directory>
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
</FilesMatch>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
admin.example.net.conf:
<VirtualHost *:80>
ServerName admin.example.net
DocumentRoot /var/www/admin.example.net
DirectoryIndex index.html
ErrorLog ${APACHE_LOG_DIR}/admin.example.net.log
CustomLog ${APACHE_LOG_DIR}/admin.example.net.log combined
</VirtualHost>
How can I set the first one to be the default?
Place the code below in the 000-default.conf file:
<VirtualHost *:80>
DocumentRoot /var/www/example.net
<Directory /var/www/example.net>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
</Directory>
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
</FilesMatch>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Apache virtualhost servername by ip + documentroot

I am trying to get this virtualhost working on apache + ubuntu. I want it to work without a real domainname but by ip and the path. It is now not getting activated. Is it possible to use the serverName like this or are only domain names valid?
<VirtualHost *:80>
serverName 37.35.66.98/just-do-it/
DocumentRoot /var/www/html/just-do-it/web
<Directory /var/www/html/just-do-it/web>
AllowOverride All
Order Allow,Deny
Allow from All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Remove the path portion from the server name, then this should work:
<VirtualHost *:80>
serverName 37.35.66.98
DocumentRoot /var/www/html/just-do-it/web
<Directory /var/www/html/just-do-it/web>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Order Allow,Deny
Allow from All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Do not forget to add your server name in the /etc/hosts file.

Virtual Hosts on Apache2 loading same site for all hosts

I am using Ubuntu 16.04.1 with Apache2.4.7
I enabled both the sites using a2ensite and reloaded apache2. It reloads successfully, but always shows sitea even for siteb.com or www.siteb.com
sitea.conf has following content:
<VirtualHost *:80>
ServerName sitea.com
ServerAlias www.sitea.com
ServerAdmin webmaster@localhost
ServerRoot /home/sitea/
DocumentRoot /home/sitea/www
<Directory /home/sitea/www>
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
siteb.conf has following content:
<VirtualHost *:80>
ServerName siteb.com
ServerAlias www.siteb.com
ServerAdmin webmaster@localhost
ServerRoot /home/siteb/
DocumentRoot /home/siteb/www
<Directory /home/siteb/www>
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Please suggest what I am doing wrong.

Adding second domain to LAMP stack

I currently have one domain set up on my LAMP server, and I want to add another one. I tried doing it myself, but when I ran into issues, I followed this. I had example.com set up and it was working fine; all traffic would redirect to its https and I want to continue that.
However, the second domain I'm using (represented by test.ca) is still going to example.com. I was hoping someone could inform me what I am doing wrong. Should test.ca be a folder within example.com? And how do you point to it? Is it because I redirect traffic to https://example.com for the SSL, so all traffic just goes there?
/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:80>
ServerName test.ca
Redirect permanent / http://test.ca
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/ssl/localcerts/example.com.crt
SSLCertificateKeyFile /etc/ssl/localcerts/example.com.key
SSLCACertificateFile /etc/ssl/localcerts/intermediate.crt
ServerAdmin example@gmail.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html/example.com/public_html/
ErrorLog /var/www/html/example.com/logs/error.log
CustomLog /var/www/html/example.com/logs/access.log combined
<Directory /var/www/html/example.com/>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin example@gmail.com
ServerName test.ca
ServerAlias www.test.ca
DocumentRoot /var/www/html/test.ca/public_html/
ErrorLog /var/www/html/test.ca/logs/error.log
CustomLog /var/www/html/test.ca/logs/access.log combined
<Directory /var/www/html/test.ca/>
Require all granted
</Directory>
</VirtualHost>
/etc/apache2/sites-available/example.com.conf
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/ssl/localcerts/example.com.crt
SSLCertificateKeyFile /etc/ssl/localcerts/example.com.key
SSLCACertificateFile /etc/ssl/localcerts/intermediate.crt
ServerAdmin example@gmail.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html/example.com/public_html/
ErrorLog /var/www/html/example.com/logs/error.log
CustomLog /var/www/html/example.com/logs/access.log combined
<Directory /var/www/html/example.com/>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>
</VirtualHost>
/etc/apache2/sites-available/test.ca.conf
<VirtualHost *:80>
ServerName test.ca
Redirect permanent / http://test.ca
</VirtualHost>
<VirtualHost *:444>
ServerAdmin example@gmail.com
ServerName test.ca
ServerAlias www.test.ca
DocumentRoot /var/www/html/test.ca/public_html/
ErrorLog /var/www/html/test.ca/logs/error.log
CustomLog /var/www/html/test.ca/logs/access.log combined
<Directory /var/www/html/test.ca/>
Require all granted
</Directory>
</VirtualHost>
You might want to change the header of the Virtualhost from
<VirtualHost *:444>
to
<VirtualHost *:443>
as a start, or it must be your intention to link to that port instead of the default HTTPS port.