Preventing unauthorized domains from pointing to my website
[SOLVED] Preventing unauthorized domains from pointing to my website
Hey guys,
I have just come across an issue whereby another domain is showing up on Google SERP as our domain. The HOST command shows that the domain has IP address of one of my domains (dedicated IP).
How can I go about restricting other domains from pointing to our server/IP ?
I have initially added an additional VirtualHost directive in http.conf as the first entry (before anything else):
(using Varnish cache, hence 8080)
This, theoretically, forces apache to deny ALL incoming queries - unless the Host is one of those explicitly named later on in the http.conf (under another VirtualHost directive). Is this enough? Are there any other measures I should be undertaking? How do I prevent this from happening with SSL connections? (I tried an additional VirtualHost directive on 443 but it didn't allow any SSL connection - even my own). Also, I had to manually add this into http.conf and issued
to try and enforce this into any cPanel updates to apache - it looks like it added without issue.
ServerName default-unauth-domain
Order allow,deny
Allow from googlebot.com
Allow from 127.0.0.1
This, theoretically, forces apache to deny ALL incoming queries - unless the Host is one of those explicitly named later on in the http.conf (under another VirtualHost directive). Is this enough? Are there any other measures I should be undertaking? How do I prevent this from happening with SSL connections? (I tried an additional VirtualHost directive on 443 but it didn't allow any SSL connection - even my own). Also, I had to manually add this into http.conf and issued
/usr/local/cpanel/bin/apache_conf_distiller --updateto try and enforce this into any cPanel updates to apache - it looks like it added without issue.
-
Hello :) The Apache access control documentation should be helpful: [url=http://httpd.apache.org/docs/2.2/howto/access.html]Access Control - Apache HTTP Server The following document explains how to save custom changes to the Apache configuration file: [url=http://etwiki.cpanel.net/twiki/bin/view/EasyApache/EasyApacheCustomDirectivesOutsideVirtualHost]EasyApache: Changes Contained Outside a VirtualHost Directive Thank you. 0 -
Thanks Michael, I think that directive should be enough. I opted not to use the Hostname access control for performance. 0 -
[quote="s2s, post: 1572891">I think that directive should be enough. I opted not to use the Hostname access control for performance.
Feel free to update this thread to let us know how it works out. Thanks.0 -
So far it seems to be returning a 404 for the specific domain in question (and for visiting via IP). Not sure what else might be affected though (crawlers/bots, SEO, etc) - so will monitor for a while. 0
Please sign in to leave a comment.
Comments
4 comments