I have a bunch of scripts on a server running Ubuntu 12.04 and Apache. Currently, I can access the site both ways: via the IP and the domain name, for example: http://example.com and http://1.1.1.1 where example.com has an A record pointing to 1.1.1.1. My question is, is there a way to throw 403 or similar error when the site is accessed by the server IP and not by its domain name?
All I could find about my question is a link to the Apache HOW-TOs, however, there is no information on how to achieve this whatsoever. My assumption is that I have to edit the configuration file of the default vhost, but I don't know what exactly to change. Or perhaps there's a module for it?
Put this rule in your vhost configuration
RewriteEngine on
RewriteCond %{HTTP_HOST} ^1\.1\.1\.1$
RewriteRule ^ - [F]
Related
I've read plenty of Stackoverflows but I seem to be missing something.
I have a PHP application running on https://subdomain.example.com/page/x but for SEO reasons I want people/bots to see https://example.com/subdomain/page/x.
I can rewrite the URL by using:
RewriteEngine on
RewriteCond %{HTTP_HOST} subdomain.example.com
RewriteRule ^(.*)$ https://example.com/subdomain/$1 [L,NC,QSA]
This rewrite results in: https://example.com/subdomain/page/x, but I keep recieving a 404 error since the "main" domain doesn't know the path /subdomain/page/x of course.
What I want is to have the URL https://example.com/subdomain/page/x but run it on https://subdomain.example.com/ in the background since this is the place where the PHP application is running.
Is this possible? How should I do this?
There is no strong SEO reason not to use subdomains. See Do subdomains help/hurt SEO? I recommend using subdirectories most of the time but subdomains when they are warranted.
One place where subdomains are warranted is when your content is hosted on a separate server in a separate hosting location. While it is technically possible to serve the content from a subdirectory from the separate server, that comes with its own set of SEO problems:
It will be slow.
It will introduce duplicate content.
From a technical standpoint, you would need to use a reverse proxy to on your example.com webserver to fetch content for the /subdomain/ subdirectory from subdomain.example.com. The code for doing so in the .htaccess file of example.com would be something like:
RewriteEngine on
RewriteRule ^subdomain/(.*)$ https://subdomain.example.com/$1 [P]
The [P] flag means "reverse proxy" which will cause the server to fetch the content from the remote subdomain. This will necessarily make it slower for users. So much so that it would be better for SEO to use a subdomain.
For this to work you would also need to leave the subdomain up and running and serving content for the main server to fetch. This causes duplicate content. You could solve this issue by implementing canonical tags pointing to the subdirectory.
This requires several Apache modules to be available. On my Debian based system I needed to run sudo a2enmod ssl proxy rewrite proxy_connect proxy_http and sudo service apache2 reload. I also had to add SSLProxyEngine on in my <VirtualHost> directive for the site I wanted to use this on.
Im trying block websites in certain hours, but i cant use correctly the rewrite cond or what is the better way?
<IfModule rewrite_module>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.facebook.com$ [NC]
RewriteCond %{TIME_HOUR} ^(11|12|13|14|15)$
RewriteRule .? /restrinction_social.html [L]
</IfModule>
are you trying to block the website so you can internal network can not access it?
the .htaccess is for domains hosted on your server your configuration could work if your server is the host of facebook.com
if you are trying to block your internal network to access facebook.com maybe you can do it with DNS or a PROXY server like squid
You may try this procedure on how to block website on your network through httpd.conf.
Navigate to your Apache installation directory, which is typically the /etc/httpd/conf directory on most servers. The path to the installation directory is case-sensitive.
Locate the httpd.conf file in the conf directory, and then open using vi command or your text editor. You can use cp command to create a backup. Please see the sample below:
$ cp -R httpd.conf httpd.conf.bak
Scroll down to the "ProxyBlock" line.
Enter the domains you want to block in the "ProxyBlock" line. Add the domain name to block after the last domain name. You do not need to add a comma -- just add a single space after the last blocked domain name. Please see the sample below:
Proxy Block google.com facebook.com
Save the file to the server, making sure to preserve the file's case-sensitive name. Test that the file is working properly by trying to visit the blocked websites using a computer located on your network.
Hope this information works for you.
I am trying to make a post request to http://localhost/donate/payment.php".
It works fine when I run the application locally
However when I change the URL to
"http://ec2-xx-xxx-xx-xxx.ap-southeast-2.compute.amazonaws.com/opt/lampp/htdocs/donate/payment.php"
I get page not found error. I can guarantee that the file is present in the location.
I have tried several things like changing the permission of the the /opt file recursively to 777. Also tried changing the apache server port default port from 80.
I even tried placing a .htacces file inside the donate folder to access the server. the contents are
RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain.com
RewriteRule (.*) http://www.yourdomain.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^www\.yourdomain\.com$
RewriteCond %{REQUEST_URI} !^/WebProjectFolder/
RewriteRule (.*) /WebProjectFolder/$1
All attempts have failed. Is there anything else I am missing here. I have installed bitnami parse server and I am able to access that by http in the browser. It is present in the folder /apps in the root folder.
Does AWS override any security permissions?
Assuming /opt/lampp/htdocs/is your document root, shouldn't the URL be http://ec2-xx-xxx-xx-xxx.ap-southeast-2.compute.amazonaws.com/donate/payment.php?
You might also want to verify a couple of things:
Make sure your security policy has its inbound port 80 open to the public (or where you'll be visiting from)
Assuming you're using Apache httpd, make sure it accepts connections on the external interface or all interfaces (e.g. Listen 80, Listen 0.0.0.0:80, etc)
First, if you actually get an error from your Apache server, the issue has nothing to do with AWS. If there were misconfigured security groups or NACL, you'd never reach port 80 (http).
Second, never ever chmod -R 777, not only can you break your app behavior, but also, especially with PHP, you just opened security risks. Yes, this doesn't matter until your instance becomes part of a botnet and starts sending spam.
At a glance, I would say your Apache configuration lacks something, like a VirtualHost "any":
# from https://httpd.apache.org/docs/2.4/vhosts/examples.html
<VirtualHost *:80>
DocumentRoot "/www/example1"
ServerName www.example.com
# Other directives here
</VirtualHost>
It seems like your default location points to another directory, possibly the default one.
I have a server that I can access in browser through the domain name (secured with SSL) and the server IP address.
I would like to disable access with the server ip address:
http://123.45.678.901/ and https://123.45.678.901/
How can I do that ?
OK found the complete solution here via htaccess file and 2 rules :
RULE 1: Redirect all requests to secure HTTPS access (including ip request http://123.45.678.901 )
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://domain.com/$1 [L,R=301,QSA]
RULE 2: If the domain or subdomain is not exactly domain.com redirect to bare domain (mandatory to catch https://123.45.678.901/any-page for example)
Using redirect all wildcard subdomains to root domain
RewriteCond %{HTTP_HOST} !^domain\.com$ [NC]
RewriteRule (.*) https://domain.com/$1 [L,R=302,QSA]
All tests results here :
http://123.45.678.901/ > now redirect to https://domain.com/
https://123.45.678.901/ > now redirect to https://domain.com/
http://123.45.678.901/any-page > 404 > https://domain.com/index.php?p=any-page
https://123.45.678.901/any-page > 404 > https://domain.com/index.php?p=any-page
What are you trying to accomplish by blocking the IP access to the website? It is really the same thing. We only use nice looking domain names or host names for the benefit of humans. Whether you type in the domain name or IP is the exact same thing as someone can simply ping your hostname and get the IP address anyway.
If you want to enforce SSL simply do it for the host so that all access attempts require SSL. You can use apache mod_rewrite to accomplish this: https://www.sslshopper.com/apache-redirect-http-to-https.html
What you're asking for may not be possible, unless I'm not understanding the problem correctly. It's like saying I want someone to be able to send mail to my house only using my address but not my postal code, when the postal code effectively gives you the address.
Anyway hope this helped.
If you want to make it possible for users to access your site (server) through the domain name while accessing the corresponding IP address is disabled in order to disable the access to phpmyadmin through the IP address, it is impossible and not a good way to achieve what you want.
Roughly speaking, domain name is the human readable and memorable form of IP address, and when we type the domain name (e.g., http://google.com) on the browser, the domain name is converted to corresponding IP address by the DNS (domain name service) server, and the browser tries to connect to the IP address given by DNS. Eventually, trying to connect via domain name and IP address internally works the same way.
To remove the access of phpmyadmin from the other users and attackers, configuring the access control is right way. Try:
Use secure passwords for mysql users
Limit the permission of the mysql users according to the purpose of the mysql users. (Using the root user for all purpose and application is not a good way.)
If you correctly configure the above points, attackers can't access your database even if they know the URL of phpmyadmin.
To make sure that a redirect takes place only when someone is browsing with the ip of the server, I did the following (Ubuntu 20.04 - commands and paths may differ, if you use another OS):
Create a noip.conf file in /etc/apache/conf-available/ folder with this content:
<If "%{HTTP_HOST} =~ /12\.34\.56\.78/">
RewriteEngine on
RewriteRule ^ http://my.domain.com [L,R=301]
</If>
Enable the configuration and restart apache:
a2enconf noip
apachectl restart
The above will not work if someone types in the ip using https. They will get a "Your connection is not private" message. Then if they click "Proceed to 12.34.56.78", they will get the first matching ssl enabled virtual host. Make sure that this host is the one you want it to be.
You should also check if other applications on the server are listening on alternative ports, since someone could type in 12.34.56.78:999.
Hello there and I apologize if this has been posted already.
I would need some help, I am a novice as you can see.
Here is the Issue:
The web site has been finished and needs now to go "live".
My current website is on a xyz cloud server with the IP 65.61.xxx.xx, which when entered in the browser shows my site correctly etc.
Now I need to change the IP address to the domain name which is hosted via Yahoo.
As been instructed, I would need to create a re-write rule in the htaccess (in the main root folder?), is the below correct and can this be applied to an IP address as the HTTP_host too?
Besides the above change do I need to change any other setting on my server or anywhere else?
RewriteEngine on
RewriteCond %{HTTP_HOST} 65.61.xxx.xx.com [NC]
RewriteRule ^(.*)$ http://www.newyahoodomain.com/$1 [L,R=301]
If I only enter the newyahoodomain.com/ in the web browser it shows "It works! This is the default web page for this server. The web server software is running but no content has been added, yet."
Sorry for this question, and I appreciate your reply!
Thanks, Steve
If you see "It works!", but not the site, then it is possible that your host definition in apache missing ServerName and ServerAlias directives. They tell to Apache to use this configuration when the request of specified domain name comes to your server. E.G:
ServerName http://www.newyahoodomain.com/
Check out this link: http://httpd.apache.org/docs/2.2/mod/core.html#servername