On Thu, 2014-10-02 at 09:44 -0700, Paul Heinlein wrote:
> On Thu, 2 Oct 2014, jwyeth.arch@xxxxxxxxx wrote:
>
> Another good trick to keep IP-based scanners off your back is to make
> sure that all HTTP requests have a valid Host: header. In Apache, it's
> easy. The first-listed <VirtualHost> declaration is the default if a
> client fails to provide a Host: header in the request. So the initial
> Virtual host is basically a deny-all container, e.g.,
>
> <VirtualHost *:80>
> ServerSignature off
> <Location />
> <RequireAny>
> Require local
> Require ip [some administrative IP addr]
> </RequireAny>
> </Location>
> </VirtualHost>
>
> <VirtualHost *:80>
> ServerName www.you.com
> # the real work happens here ...
> </VirtualHost>
All my web sites are configured as virtual hosts. The 'empty' default
web site (one on every server) redirects all requests to 127.0.0.1.
Sometimes I change this a Chinese consumer site. Why give the hackers
and pests an opportunity to annoy you - send them away before their
requests can be done to your web site.
xx.xx.xx.xx is the web server's IP address. Some of the configuration
relates to the previous system of banning every IP directly accessing
the server's IP address.
<VirtualHost xx.xx.xx.xx:80>
DocumentRoot /data/web/do/default/www
ServerName xx.xx.xx.xx
CustomLog /data/web/weblogs/acc.000118 combined
ErrorLog /data/web/weblogs/err.000118.w
DirectoryIndex banned.php
HostnameLookups Off
<Directory /data/web/do/default/www/>
RedirectMatch permanent ^/(.*)$ http://127.0.0.1/
</Directory>
</VirtualHost>
The real web sites have entries beginning with, for example, ...
<VirtualHost example.com:80 www.example.com:80>
--
Regards,
Paul.
England, EU.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
