The setup is:
www.domainA.com
www.domainB.com
both actually hosted on one web server (Apache)
123.123.123.123/domainA
123.123.123.123/domainB
I have setup a hidden forward from the domains to the web server directories which works fine, however, produces duplicate content (since it is also available by addressing the web server directly). I tried setting up 301 redirects to the domains for every request that is targeting the IP address directly (using mod_rewrite),but found that this results in a forwarding loop. Obviously the server does not recognize whether the domain has been requested originally.
If anybody can give me a hint on how this is supposed to be done, I'd be glad to hear.
You can set up virtual hosting on the web-server so that it does pay attention to the hostname that was requested. This is a fairly common practice and should solve your problem. You can do away with separate subdirectories since each virtual host has its own virtual root.
So are you saying that you have pages indexed in google that reference your IP address and a directory rather than the domain name?
Also, I'm not sure why doing a redirect from the IP to the domain name would cause a redirect loop. If the redirect is based on the host header, it should work fine.
Related
I've been googling for a bit now, and I really cant seem to figure this out. I recently bought a domain name with google domains, that I wish to point to a sub domain on my web-server, (example) http://120.0.0.0/sub-folder/, while apearing as domain.com.
Right now I have mbektic.com forwarding to http://138.197.5.88/mbektic/ which kind of gets what I need done, but I wish for the URL to say mbektic.com, instead of the ip address of the server.
Now I've been looking around and I've found things mentioning things from creating records to .htaccess files, and honestly I'm completely lost.
If someone could point me to a straightforward guide or give me a list of steps to follow, I can do it myself, but currently I am just lost.
This really belongs on unix.se since it isn't programming...
That said, what you need to do is set up a DNS A record pointing your domain name to your IP address. Add a second one to handle www.example.com
Then, on the webserver, configure it to respond to that name and serve content out of the directory you specify (the apache webserver calls this the DocumentRoot - you may want to look up apache virtual hosts .... )
My company has a LAMP server, and I am not an expert at web hosting but I manage basic tasks.
My server currently hosts about twelve different domains. Each domain has a .conf file in the sites-enabled directory, and they work fine. Let's say we have example1.com, example2.com, and example3.com, just to hopefully help explain this question.
Recently, a person I work with registered a bunch of new domains. With the domain registrar, they pointed the domains to our IP address. I believe this is called "parking" a domain. I have not set up a .conf file or enabled any of these new domains on our server yet. Let's say they are newsite1.com, newsite2.com, etc...
What's puzzling to me is that if one types one of the new domains into a browser, one of our existing domain shows up. Let's say it's example1.com. So, if you go to a browser and type in newsite1.com, or newsite2.com, you are taken to example1.com. Also, in the address bar at the top of the browser, it will be displayed as example1.com.
This is not the desired behaviour. For one thing, we did not choose, as far as I know, for example1.com to be the default, and it's not necessarily the website we would want to be the default. In any case, I don't know why the system is going to example1.com as opposed to example2.com or any of our other sites.
The desired behaviour would be for there to just be a general error, "this domain does not exist" or something like that. If there has to be a default website, we'd like to be able to choose it.
I've seen questions on Stack Oveflow that are similar, but they all presume one wants to set a default. When I look at the configuration files they reference, for example /etc/httpd/conf/httpd.conf, they are empty, so in my case, there is nothing to unset.
How do I stop browsers from being redirected to the website that they are currently being directed to? How can I set it so that Apache just returns a "site not found" error instead of serving up a website?
The easiest way to fix this is name your .conf files starting with a number.
If you look at the default apache configs, you'll notice a file called "000-default.conf". Apache will load the files in number order - so just make your default virtual host .conf file be 000-whatever.conf.
I suppose you're using name based virtual hosts and the <VirtualHost> directive and this is what docs have to say:
If no matching name-based virtual host is found, then the first listed virtual host that matched the IP address will be used. As a consequence, the first listed virtual host for a given IP address and port combination is the default virtual host for that IP and port combination.
So when you say:
I've seen questions on Stack Oveflow that are similar, but they all
presume one wants to set a default.
... all I can add is that that's the way Apache works. I don't think it's inherently wrong to have a default host that serves a this domain does not exist page. I always do so in my Windows development box, typically by commenting out the default hosts at conf/extra/httpd-vhosts.conf file and adding my default host there.
If you ask for my opinion, it's rather questionable that Apache basically serves an arbitrary site when there's no match, thus making this customisation mandatory—and I've seen lots of live sites that don't do it.
I've setup 4 sites on a LAMP stack and pointed a number of domains at the server. Everything is running nicely but for some reason, none of the sites have the http:// prefix.
It isn't a massive problem but down-the-line, these sites are going to run https on secure areas and I want visitors to be able to differentiate.
Why would Apache NOT display the http:// prefix? I'm using named virtual hosts and have modified my /etc/hosts file to point the relevant domains to my server's IP.
It's most likely the browser hiding the http:// prefix. It should be happening on every other web site you visit with that browser, too.
You can't control this with Apache - but don't worry, in https mode, the browser will make sure the user sees the difference.
I am currently building an application that I will host and will have multi-tenants (SaaS) called over the web, I would like them to be able to have subdomain.theircompany.com be able to point to subdomain.mycompany.com (or if they wish, point a full TLD to a subdomain with me).
The way I have been expecting this to work is to simply have a wildcard 'ServerAlias *.mycompany.com' in my Apache config pointing to my application, which then extracts the host being called...They then redirect via a CNAME entry on their host.
My question is, would this approach allow external subdomains to be pointed to a CNAME URL instead of IP? As this runs on one account on my system, am I able to install an SSL for a single wildcard if that customers wants to be running on SSL?
Any other suggestions/approaches would be greatly appreciated!
Thanks
A CNAME will work for the purposes of naming, but not for the purposes of a wildcard SSL cert.
Specifically, example.theircompany.com can have a CNAME record with a value of example.yourcompany.com. This will mean that example.theircompany.com will transparently resolve to your site. In other words, a browser still sees example.theircompany.com, not example.yourcompany.com.
As such, the SSL cert must be for the theircompany.com domain, not the yourcompany.com domain.
We noticed that a hacker created a domain and configured DNS to point it to our server's IP address.
We are using apache2.x on Ubuntu.
There is a "default" file in apache's /etc/apache2/sites-available directory and it looks like the the hacker's domain is using "default" apache configuration file to display our web content in their domain.
How can we prevent this?
Can some one post a "default" apache configuration file as an example?
Unknown domains that come into apache over the specified ip and port will be directed to the first virtual host, thus the 000-default file. Your best bet is to make the 000-default host return a 400 or 500 error (or some explicit message saying the domain doesn't belong) and use explicit virtualhosts for each of your sites.
+1 Jeremy's answer: make the default (first) virtual host for each IP address you're listening on return something useless like a 404 or page saying nothing but “this is a virtual server”.
Allowing your web server to serve a real web site on a non-matching ‘Host’-name (including a raw IP address) opens you up to two particular attacks:
DNS rebinding attacks, leading to cross-site scripting into your real web site.
This affects sites with a user access element (eg. logging in, cookies, supposedly-private intranet apps).
‘Search-hijacking’. This affects all sites (even completely static ones). This may be what is happening to you. By pointing their own domain name at your server, they can make search engines see both the real domain name and their fake one as duplicates for the same site. By using SEO techniques they can then try to make their fake address seem like the more popular, at which point the search engines see that as the canonical address for the site, and will start linking to it exclusively instead of yours.
Most web servers are configured by default to serve a web site to all-comers, regardless of what hostname or IP address they're accessing it through. This is a dangerous mistake. For all real live sites, configure it to require that the ‘Host’ header matches your real canonical hostname.