Skip to main content

Protection against rogue domains pointing to our IP's

Comments

5 comments

  • quizknows
    Generally if a rogue domain points to my IP I use ModSecurity to block it. Simply make a rule like this one (to block baddomain.com):
    SecRule SERVER_NAME "baddomain\.com$" "t:lowercase,deny,id:193,status:406"
    You can choose whatever 4xx or 5xx status you want. A 404 status will return an actual 404 response and page. You can also omit the status: and change "deny" to "drop" and it will drop the connections intended for baddomain.com rather than responding to them. The visitor just gets a "connection reset while the page was loading" error from their browser. If you had a ton of rogue domains pointing toward you, there may be a way to restrict apache to only serve certain server names. Hopefully someone knows an easier way for you to accomplish that if needed. That said, I have not tested this in production like I have the above advice, but it would probably look something like:
    SecRule SERVER_NAME "!@pmFromFile /path/to/trusted_domains.txt" "deny,id:148"
    The file /path/to/trusted_domains.txt would need a list of domains apache is allowed to serve. The rule basically says if the domain name does not match an entry in that file, then deny the request. This could be suitable for someone like yourself who only hosts a few domains, I wouldn't really recommend it to someone else due to having to maintain that list. Ideally it's much easier and less overhead on the server to just block domains that you know you need to block.
    0
  • cPanelMichael
    Hello, In addition to the previous post, if you need more information about enabling Mod_Security, you can find that at:
    0
  • stoner
    Hello, In addition to the previous post, if you need more information about enabling Mod_Security, you can find that at:
    0
  • quizknows
    You could try putting it in pre_virtualhost_global.conf in the /usr/local/apache/conf/includes/ directory. It may or may not have the desired result, but that would likely be the best place to try it.
    0
  • stoner
    You could try putting it in pre_virtualhost_global.conf in the /usr/local/apache/conf/includes/ directory. It may or may not have the desired result, but that would likely be the best place to try it.

    I'll give that a try quizknows, thanks. Will report back if it worked or not.
    0

Please sign in to leave a comment.