Welcome to WebmasterWorld Guest from

Forum Moderators: phranque

Message Too Old, No Replies

Prevent unauthorized domains from using my IP

12:29 am on Feb 9, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 5, 2002
posts: 1845
votes: 3

I was looking over my code and I realized someone could point an arbitrary domain name of their's at my IP and cause visitors to their domain to interact with my site. I set it up so apache serves an error page if this happens but I'd rather prevent my server from responding to a request like that at all. Is there anything I can do?
7:22 am on Feb 9, 2013 (gmt 0)


WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
votes: 8

I set it up so apache serves an error page if this happens ...

how did you implement this?

... I'd rather prevent my server from responding to a request like that at all.

you mean something like a firewall solution?
you would have to inspect the request to find the requested hostname.
5:54 am on Aug 25, 2013 (gmt 0)

Junior Member

5+ Year Member

joined:July 4, 2010
votes: 0

Sorry for digging up an old thread, but I have also been wanting to know if there is a way to reject an arbitrary domain pointing at my IP.

What got me on the lookout for a solution was recently firing up a new Linode VM, then researching the IP history and discovering a Chinese registered domain pointing to the IP of the new Linode VM. Realizing how potentially damaging this could be, I destroyed the Linode and created a new one in order to get a different IP. Then I started looking for a solution in case someone in the future points an domain to my IP. I did the following.

I created a page with a short message indicating nothing is to be found and located it in its own site container, /var/www/badtraffic. I then setup an Apache VirtualHost with no ServerName, only a DocumentRoot pointing to /var/www/badtraffic. Any request coming directly to the IP address, or by a DNS resolved name to the IP not defined as a valid VirtualHost in my httpd.conf goes to badtraffic. I've tested it and it works well.

I would like to send the traffic to a 403 forbidden, but have not had any success. At least I know that no one can point their domain at my site (only one public site on this IP). So if anyone has further insight into a solution to this potential issue, I'd be interested in hearing.
4:20 pm on Sept 5, 2013 (gmt 0)

New User

joined:Sept 5, 2013
votes: 0

If you did a WHO IS on the domain name and found the "Name Servers" for the domain name you could block their request to your site via your .htacess file located within your root directory.

The .htaccess code would like similar to this:

# block proxy servers from site access

RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ - [F]

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members