Welcome to WebmasterWorld Guest from 22.214.171.124
This is my first post here, so be nice :) (I mulled over posting this in the Apache forum but finally settled on here being most applicable - mods, please do move the thread if I've got this wrong!)
I'm basically in the middle of setting up an Apache 2 webserver at home to serve my own webpages. And it's working well. Now, I have a domain name which I've owned for years with a host, and thus an appropriate control panel.
I would like to ONLY allow my webpages to be served by domain name - and that if the ip address of my WAN router is entered into a browser, no pages are served.
I.e. I would like that my setup allows www.domain.com on port 80 to "resolve" to 86.77.x.x on port 8080 (or whatever) on my machine, so users can only access via the domain and NOT by using my IP.
How would I go about doing this?
Having searched the net for tutorials on this sort of thing, I can't find any appropriate ones to confirm exactly how this "ip-address:port 80 to domain.com:8080" is literally instructed. As is probably obvious, I have no prior network experience at all. I am very willing to learn, and have much patience at my disposal, however ;)
I have no idea how to even confirm that my domain panel allows this "resolve" thing to happen: I have access to a DNS control panel which has 2 sections: DNS entries (MX, CNAME, A and TXT records) and Domain Name Servers (i.e. server00012.webhost.net goes to x.x.x.x).
Any further pointers on this (perhaps to an appropriate tutorial or article explaining how this works/is instructed) would be fantastic.
- your domain name DNS settings only need to point to your IP
- your router needs to be set up so it routes requests to port 80 on the external IP to port 8080 on your computer's IP
- Apache needs to be set up with two virtual hosts, one with your computer's IP as ServerName; the other with your domain name as ServerName. This ensures only requests to the domain name will get served as your domain; requests to the IP will get whatever you set up for that virtual host (e.g. a blank page or a 403 code).
I don't think you need to fumble around with different ports for this - you can either:
- set up name based virtual hosts on that ip address, and only point the "real" domain names to the content (return a 403 or a redirect for requests on the default virtual host)
- filter out on you http server based on the "Host:" header, which would show either the IP address or the fully qualified domain name. Apache will give you the "Host:" header in the HTTP_HOST environment variable.
While some registrars and DNS providers have what APPEARS to be a DNS "forwarding" service, really, what they are doing is running a webserver that redirects to your server in a frame.
I'm a bit unclear on just what you are trying to accomplish. Could you provide a bit more detail? (Use "example.com", etc.)
If the goal is to not show the content when just the IP address is used, then the previous responses are on-track. You can use mod_rewrite to filter-out requests that don't have the domain name provided in the HOST header.
If you want to completely deny that a web server is present, that will require some application-level firewalling. You will need a firewall appliance or software that can examine the HOST header and close the connection if it is empty or not what you are expecting.
If you want to have example.com:80 to to one IP address and example.com:8080 go to a different one - you can't. We are back to the fact that DNS doesn't deal with ports - only addresses.
You could, however, set-up your main site (if I am reading this correctly, you have a site at a web host, and another at home) to redirect requests to port 8080 to your home site. But, you are either going to have to redirect to the address, or set up a seperate domain or subdomain.
Any reason you don't want to have www2.example.com, etc.?
Unfortunately, I don't see a way to do this cleanly where the user is not going to be the wiser. You can make it a bit easier for them by providing a redirect from your main site. But once they arrive at your home site, they are going to see either an IP address:8080, www2.example2.com:8080, etc.
I am assuming you cannot use port 80, because your ISP blocks it. If that is the case, you might want to read their terms of service closely, and make sure you are not in violation. It is NOT wise to violate the TOS when you have irreplacable high-speed service - e.g. a cable connection. If your cable company cuts you off for a violation, the problem is in most places they have a monopoly, and you can't go to somebody else for equivalent service.
Basically, I got a little confused back there re: the ports. I've read some documentation that suggested this was the way forward - I must have misunderstood (don't worry, jtara, port 80 isn't blocked on my cable company's line, so no slap on the wrists from them here - but a good point to be aware of, thank you).
To do what I wanted to do (wanting my "website be visible just under the domain name, not under the IP address itself") I just read some official documentation from Apache, and (as you all suggested, zCat et al!) was able to fix this via virtual hosts, filtering using the Host: header. It was really remarkably simple when you guys pointed me in the right direction - we're talking maybe 8 lines of actual code added to my server config file.
Just to add, jtata, I do not wish completely deny that a web server is present - it's a bit OTT for what I require but nice to know how this can be done if I ever want to go down that route.
Thank you all - it's been most helpful posting my query on here.
(I hope this will be of some use to future googlers too!)