Block direct IP connections to Apache web server

Question

I need to figure out how to block direct IP access to my website.

Example: I want it so that when people type my IP address 1.2.3.4 into the browser it doesn't work, but when they type www.example.com it does work.

I am using Apache 2.4.9, and my website is run using WampServer.

I have tried other solutions from some old questions on here, but none of them have worked for me. I have tried pasting virtual host stuff into the vhosts.conf, but I couldn't get it right, and I tried doing rewrite stuff with the htaccess file, but that didn't work either.

The duplicate question is not quite the same, but the answer works for your situation as well. — Jenny D, Jul 04 '16 at 09:59

score 2 · Answer 1 · answered Jun 29 '16 at 08:27

2

Generally the first virtual host entry also acts as the default, so make your first virtual host entry point to a folder with an access denied page.

answered Jun 29 '16 at 08:27

Toby Allen

757
2
10
24

In addition to preventing use of the default virtual host for any other purpose (_if_ a user should have one), this approach also prevents serving localized error pages to the browser accessing by IP address – Colt Jun 29 '16 at 14:20

Colt · Answer 2 · 2016-06-29T20:46:29.130

0

One way to do this is to set a rewrite condition within the global server context that disallows IP based requests by requiring an HTTP header similar to the example shown below:

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteCond %{REQUEST_URI} !^/error [NC]
RewriteRule ^.(.*) - [L,F]

NOTE: This example requires that you enable mod_rewrite.

NOTE ALSO: If you have multiple virtual hosts, you can modify the RewriteCond to check more broadly or use multiple RewriteCond statements to accommodate the different domains.

An alternative configuration is:

<If req('Host') != 'www.example.com'">
  <Location "/">
    Require all denied
  </Location>
</If>

edited Jun 29 '16 at 20:46

answered Jun 29 '16 at 02:01

Colt

2,029
6
21
27

This just gave me a error on all my web pages when visiting anything. I think I have mod_rewrite enabled. I am very confused. I am a noob at apache. – Ben Stapleton Jun 29 '16 at 16:50
It is hard to know why without digging through all of your configuration files, but added an alternative configuration that can work if inserted in the right place. – Colt Jun 29 '16 at 20:48

Block direct IP connections to Apache web server

2 Answers2