Short answer: no.
Long answer: you could cobble together some really ugly nonsense with
raw packet inspection but it would make you cry at length and then you'd
bin it.
MEANWHILE: You can put the host and/or port in the <VirtualHost> header
in your Apache configuration and it will reject requests or do other fun
things when the selected IP address and host name do not match.
Matching web server name with web server address on a multi-server host
is a semantic decision best made via a web server since it has all the
necessary parsing machinery and doesn't have to function against every
possible packet passing through the machine.
If you really wanted to get ugly you could issue blacklist events on
mismatches.
If you really wanted to be helpful you could issue redirects to the
client/browser on mismatches.
Both of those options involve non-trivial coding for very little value.
# Bind this virtual host to the first public address only
<VirtualHost x.y.z.t1>
    DocumentRoot "/www/website1"
    ServerName website1.domain.tld
    ...
</VirtualHost>
See the official Apache documentation at
https://httpd.apache.org/docs/2.4/vhosts/examples.html
On 4/15/19 9:26 PM, Gianluca Gargiulo wrote:
Hi,
I ask if it's possible using iptables or conntrack to make the following
configuration:
I have a Linux Debian 9 server with 2 public static IPs
x.y.z.t1
x.y.z.t2
and Apache listening on 0.0.0.0/0.
Then I have these virtual hosts on Apache:
website1.domain.tld (DNS -> x.y.z.t1)
and
website2.domain.tld (DNS -> x.y.z.t2)
The virtual hosts work on the 0.0.0.0 IP and use the Host field in the
HTTP packet to know which website is chosen by the client.
Is there any configuration to
1A) allow HTTP traffic if destination is x.y.z.t1 and
website1.domain.tld combination
1B) deny HTTP traffic if destination is x.y.z.t2 and
website1.domain.tld combination
1C) deny HTTP traffic if destination is x.y.z.t1 and
website2.domain.tld combination
1C) allow HTTP traffic if destination is x.y.z.t2 and
website2.domain.tld combination
?
Thank you a lot.
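
The four cases 1A to 1D from the question, written out as Apache 2.4 configuration; this is an added example, not part of the original thread. x.y.z.t1 and x.y.z.t2 are the thread's placeholders, while the `mismatch-*.invalid` names, the `/www/website2` path and the `host-mismatch.log` file name are assumptions made for illustration. The default virtual host per address is what turns a mismatch into a rejection: with only one virtual host bound to an address, that host would answer every request arriving there, whatever the Host header says.

```apache
# Added example (not from the thread). Replace the x.y.z.t1 / x.y.z.t2
# placeholders with the real addresses. Assumes a "Listen 80" directive
# is already present (Debian ships one in ports.conf).

# --- Address x.y.z.t1 --------------------------------------------------
# First virtual host listed for an address:port is its default. It gets
# every request whose Host header matches no ServerName/ServerAlias of
# the other virtual hosts on that address, including a missing Host.
<VirtualHost x.y.z.t1:80>
    ServerName mismatch-t1.invalid            # hypothetical name
    # Separate log so mismatches can be reviewed or fed to a blocklist
    # tool (file name is an assumption).
    CustomLog "${APACHE_LOG_DIR}/host-mismatch.log" combined
    <Location "/">
        Require all denied                    # 1C: website2 on t1 -> 403
    </Location>
</VirtualHost>

<VirtualHost x.y.z.t1:80>
    ServerName website1.domain.tld            # 1A: website1 on t1 -> served
    DocumentRoot "/www/website1"
</VirtualHost>

# --- Address x.y.z.t2 --------------------------------------------------
<VirtualHost x.y.z.t2:80>
    ServerName mismatch-t2.invalid            # hypothetical name
    CustomLog "${APACHE_LOG_DIR}/host-mismatch.log" combined
    <Location "/">
        Require all denied                    # 1B: website1 on t2 -> 403
    </Location>
</VirtualHost>

<VirtualHost x.y.z.t2:80>
    ServerName website2.domain.tld            # 1D: website2 on t2 -> served
    DocumentRoot "/www/website2"              # path is an assumption
</VirtualHost>
```

Run `apachectl configtest` before reloading, then confirm the behaviour with a request such as `curl -H 'Host: website2.domain.tld' http://x.y.z.t1/`, which should return 403 and appear in the mismatch log.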