12

I have an Apache2 configuration with multiple VirtualHosts. My DNS is set to accept *.<domain>.<tld> on multiple domains. Everything is working correctly but if I go to something-random-here.example.com I seem to get an invalid VirtualHost being selected (I am guessing the first or last one it finds). Is there a way to tell Apache to use certain rules if none of the VirtualHost entries match the domain or subdomain? I'd preferably like to return a 404.

happy_soil
Mr Fox

3 Answers

12

Apache uses the first virtualhost if no name matches. Just configure a new virtualhost as the first one with a random name, displaying whatever you like - or returning a 404 page.

Moritz Both
  • Thanks but could you please elaborate? I can't get this to work. – Mr Fox Sep 07 '11 at 12:34
  • 2
    How are your apache2 configuration files laid out? Or which operating system do you use? Apache reads the configuration in a certain order, and the first VirtualHost it sees is the default one. It receives all traffic from unknown host names. So if you have a single configuration file, the first VirtualHost is it. If you have multiple ones, like on most linuxes, it may be the one called 0default or so... – Moritz Both Sep 07 '11 at 15:00
  • I put some default configurations in the `ports.conf`. It wasn't working because I tried to match *:80 when I was using :80 on my virtualhosts. Instead I had to create a separate default entry for each IP and it works now. – Mr Fox Sep 08 '11 at 15:31
  • Neither my first nor last v-host file is used. I think Apache has changed. – Cobolt Jun 18 '19 at 15:55
6

Wildcard include your site configuration files:

```apache
Include path/to/site/confs/*httpd.conf
```

Organize your site conf files so they are loaded in an expected order. Example...

```
01-httpd.conf
02-site1-httpd.conf
03-site2-httpd.conf
etc...
```

Apache will read these in order. Then create one that will always load last to catch any unmatched virtual hosts and return a 404 instead of loading a default site.

`99-catchall-httpd.conf`

```apache
<VirtualHost *:8080>
    ServerName null
    ServerAlias *
    Redirect 404 /
</VirtualHost>

<VirtualHost *:8443>
    ServerName null
    ServerAlias *
    Redirect 404 /
</VirtualHost>
```

Be sure to replace the ports with whatever ports your httpd listens on. Or if you have httpd listening on specific interfaces, you'll need to add a catchall for each interface instead, like so:

```apache
<VirtualHost 192.168.1.101:8080>
    ServerName null
    ServerAlias *
    Redirect 404 /
</VirtualHost>

<VirtualHost 192.168.1.101:8443>
    ServerName null
    ServerAlias *
    Redirect 404 /
</VirtualHost>

<VirtualHost 192.168.1.102:8080>
    ServerName null
    ServerAlias *
    Redirect 404 /
</VirtualHost>

<VirtualHost 192.168.1.102:8443>
    ServerName null
    ServerAlias *
    Redirect 404 /
</VirtualHost>
```

Hope this helps. I use this method to load sites in the order I specify and prevent unmatched virtual hosts from loading an unexpected site unintentionally.

Jason Slobotski
  • Shouldn't "ServerAlias *" be removed from catch-all rules? – Ahm3d Said Jul 21 '19 at 13:09
  • I suppose it wouldn't matter. If none of the virtual hosts prior to the catchall handle the request, these will return a 404 response. I don't see a reason that ServerAlias * would have to be removed, but they may be unnecessarily specific. – Jason Slobotski Jul 23 '19 at 19:51
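Added example (not part of any answer on this page, and not Apache's own code): a simplified Python model of how httpd picks a virtual host, applied to the layouts from the two answers above and to the `*:80` versus IP-specific mismatch Mr Fox describes. The helper `select_vhost`, the hostnames and the IPs are constructed for illustration; the model assumes the documented rules that the most specific address match is chosen first and that the first virtual host in that set is the default.

```python
import re

def alias_matches(pattern, host):
    # ServerAlias accepts * and ? wildcards; comparison is case-insensitive.
    rx = re.escape(pattern.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, host) is not None

def select_vhost(vhosts, local_ip, port, host):
    """Return the ServerName of the vhost that would serve the request.

    vhosts: list of (address, server_name, aliases) in configuration load order.
    """
    # Step 1: address match. An exact IP:port set hides every *:port vhost.
    pool = [v for v in vhosts if v[0] == f"{local_ip}:{port}"]
    if not pool:
        pool = [v for v in vhosts if v[0] == f"*:{port}"]
    if not pool:
        return None  # no vhost for this address: the main server config answers
    # Step 2: name match in load order. Without a Host header there is none.
    if host:
        name = host.lower().split(":")[0].rstrip(".")
        for _, server_name, aliases in pool:
            if name == server_name.lower() or any(
                    alias_matches(a, name) for a in aliases):
                return server_name
    # Step 3: nothing matched, so the first vhost in the pool is the default.
    return pool[0][1]

# Constructed layouts (hostnames and IPs are sample values, not from a real server).
CATCHALL_LAST = [                      # catch-all loaded last with ServerAlias *
    ("*:80", "site1.example.com", []),
    ("*:80", "site2.example.com", []),
    ("*:80", "null", ["*"]),
]
DEFAULT_FIRST = [                      # dummy default vhost loaded first
    ("*:80", "default.invalid", []),
    ("*:80", "site1.example.com", []),
]
MIXED_ADDRESSES = [                    # default on *:80, real site bound to an IP
    ("*:80", "default.invalid", []),
    ("192.168.1.101:80", "site1.example.com", []),
]

if __name__ == "__main__":
    stray = "something-random-here.example.com"
    for label, layout in [("catch-all last", CATCHALL_LAST),
                          ("default first", DEFAULT_FIRST),
                          ("mixed addresses", MIXED_ADDRESSES)]:
        print(label, "->", select_vhost(layout, "192.168.1.101", 80, stray))
```

In the mixed layout the stray hostname lands on `site1.example.com`, because the `*:80` default is never consulted once an IP-specific virtual host exists for that address. In the catch-all-last layout a request with no Host header still reaches the first virtual host rather than the catch-all.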
0

As Moritz Both mentions, Apache2 will use the first virtual host it finds if it does not match any that you have requested.

When you first install Apache2 there's a default website conf that you can use as a template, modify or delete, and I was always wondering what the 000-default.conf was actually for, because they had a default.conf too. After reading what Moritz Both said, it all makes more sense now.

What I did for my server was copy the config for the default hostname (website) to 000-default.conf file and a2ensite 000-default.

Now, every time there is an unmatched domain request to my website, it serves up the 000-default page, which is just a copy of my actual default page.

  • 1
    I do the same but my un-matched/default host sends a redirect to the proper top level site which changes the displayed URL to the correct one as well. – ivanivan Dec 25 '18 at 13:55
  • That is a really great idea! I didn't think about that. I will definitely be implementing my site like that :) – Newteq Developer Dec 25 '18 at 18:18
  • For some reason, I can't seem to get my ssl (default page) to redirect. I have ` ... Redirect / https://baseurl/ ... ` but the url stays the same. I've done the same for the non ssl version and it redirects correctly. Any ideas? – Newteq Developer Dec 25 '18 at 19:31