homepage Welcome to WebmasterWorld Guest from 54.166.122.65
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
Prevent unauthorized domains from using my IP
Tonearm

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4544006 posted 12:29 am on Feb 9, 2013 (gmt 0)

I was looking over my code and I realized someone could point an arbitrary domain name of their's at my IP and cause visitors to their domain to interact with my site. I set it up so apache serves an error page if this happens but I'd rather prevent my server from responding to a request like that at all. Is there anything I can do?

 

phranque

WebmasterWorld Administrator phranque us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4544006 posted 7:22 am on Feb 9, 2013 (gmt 0)

I set it up so apache serves an error page if this happens ...

how did you implement this?

... I'd rather prevent my server from responding to a request like that at all.

you mean something like a firewall solution?
you would have to inspect the request to find the requested hostname.

ron15



 
Msg#: 4544006 posted 5:54 am on Aug 25, 2013 (gmt 0)

Sorry for digging up an old thread, but I have also been wanting to know if there is a way to reject an arbitrary domain pointing at my IP.

What got me on the lookout for a solution was recently firing up a new Linode VM, then researching the IP history and discovering a Chinese registered domain pointing to the IP of the new Linode VM. Realizing how potentially damaging this could be, I destroyed the Linode and created a new one in order to get a different IP. Then I started looking for a solution in case someone in the future points an domain to my IP. I did the following.

I created a page with a short message indicating nothing is to be found and located it in its own site container, /var/www/badtraffic. I then setup an Apache VirtualHost with no ServerName, only a DocumentRoot pointing to /var/www/badtraffic. Any request coming directly to the IP address, or by a DNS resolved name to the IP not defined as a valid VirtualHost in my httpd.conf goes to badtraffic. I've tested it and it works well.

I would like to send the traffic to a 403 forbidden, but have not had any success. At least I know that no one can point their domain at my site (only one public site on this IP). So if anyone has further insight into a solution to this potential issue, I'd be interested in hearing.

ThemeKings



 
Msg#: 4544006 posted 4:20 pm on Sep 5, 2013 (gmt 0)

If you did a WHO IS on the domain name and found the "Name Servers" for the domain name you could block their request to your site via your .htacess file located within your root directory.

The .htaccess code would like similar to this:


# block proxy servers from site access

RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ - [F]

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved