I have domain abc.com and I noticed another domain not owned by me pointing to the same IP address as mine. It is ghosting mine, so when you visit that website it looks exactly as if you were on mine.
Any ideas of how to prevent that?
my vhost looks like:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.example.com
DocumentRoot /path/to/site
<Directory /path/to/site/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com$ [NC]
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !example\.com [NC]
RewriteCond %{HTTP_HOST} !example.com [NC]
RewriteRule .? - [F]
ServerName example.com
ServerAlias www.example.com
</VirtualHost>
</IfModule>
Apache uses the Host field from the HTTP requests headers to know which vhost is requested (Host corresponds to apache ServerName or ServerAlias).
Try apache2ctl -S, it will give you an ouput containing something like:
VirtualHost configuration:
*:80 is a NameVirtualHost
default server ip (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost ip (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost www.example1.com (/etc/apache2/sites-enabled/001-vhost.conf:1)
port 80 namevhost www.example2.com (/etc/apache2/sites-enabled/002-vhost.conf:1)
*:443 is a NameVirtualHost
default server 127.0.1.1 (/etc/apache2/sites-enabled/default-ssl.conf:2)
port 443 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/default-ssl.conf:2)
port 443 namevhost www.example1.com (/etc/apache2/sites-enabled/non-default-ssl.conf:2)
Now imagine my ip is 1.1.1.1:
Given those three curl commands:
1. curl http://1.1.1.1 -H 'Host: www.example1.com'
1. curl http://1.1.1.1 -H 'Host: www.example2.com'
1. curl http://1.1.1.1 -H 'Host: www.spoofexample.com'
First one, apache finds the corresponding ServerName in a vhost file and uses /etc/apache2/sites-enabled/001-vhost.conf to satisfy request
Second one, apache finds the corresponding ServerName in a vhost file and uses /etc/apache2/sites-enabled/002-vhost.conf to satisfy request
Third one (your undesired mapped DNS), apache doesn't find the corresponding ServerName into any of its vhosts file, and uses /etc/apache2/sites-enabled/000-default.conf to satisfy request
The same logic applies to SSL vhosts.
PS1: ServerName for the default HTTP vhost has a value of ip, and there is no ServerName in the default SSL vhost. Apache just assumes a 127.0.1.1, which is not the IP address it listens on (just telling so it's not more confusing).
PS2: To make a vhost the default one it must be the first by names sorted (000 -> 001 -> 002).
It is not possible somebody can ghost your account.
Suppose I am domain owner of abc.com from hostgator. In order to host it on godaddy.com I have to go to domain controller put the godaddy nameservers there. Then on hosting i create a website with same name.
You should not hosting a real domain with ipaddress also. always use name servers which will prevent all those configuration.
Please check this page for redirects
https://www.namecheap.com/support/knowledgebase/article.aspx/385/2237/how-to-redirect-a-url-for-a-domain
Are you hosting a domain from your local computer ?
Related
I have a vps setup with proxy configured to redirect to my home server via vpn.
How do I disable port 80 so when the user types in browser http://my.domain he will be redirected to https://my.domain ? Or how do I enable secure connection only ?
As an example look at http://vk.com - even when you open http link it creates secure https connection.
If I just keep <VirtualHost *:443> and remove <VirtualHost *:80> from /etc/apache2/sites-available/myconf.conf it shows default apache2 page when I open http://my.domain
I found solution.
<VirtualHost *:80>
ServerName my.domain
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
i'm using mattermost locally at home in a Vagrant Virtual Machine. With Port Forwarding on my DSL Router, i map the web frontend on a subomain on my WAN vHost with fixed IP.
<VirtualHost *:80>
ServerName chat.domain.tld
ServerSignature Off
ProxyPreserveHost On
<Location />
Order deny,allow
Allow from all
ProxyPassReverse http://chat.domain.tld/
</Location>
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://mappedsubdomain.somedyndns.tld:8090%{REQUEST_URI} [P,QSA]
DocumentRoot /somewhere/on/my/disk
</VirtualHost>
And that works fine! In this case i'm mapped the Web Frontend from Port 8090 to the port 80 on the vHost Subdomain. And the Web-Frontend is reachable.
But.
mattermost is using another Port to communicate with the Web-Frontend over Websockets. For that i also forwarded the Websocket Port from my local Machine. If i'm accessing the Dynamic DNS Host Url: http://mappedsubdomain.somedyndns.tld:8090 the Web-Fontend works well WITH the second opened Port for Websockets. Mattermost is usable on the Dynamic DNS Host Url.
As Default Mattermost is using Port 80 for the Websockets. But in my case, i'm using port 890 for the Websockets in Mattermost. It works locally, inside the LAN and over the Dynamic DNS Host.
Now, i want to make a ProxyReverse withe the Websocket Protocol.
The WAN-Host is a Debian with Apache2.2 and the loaded mod_proxy_wstunnel Module.
At first, i tried simply to map the second Port:
Listen 890
<VirtualHost *:890>
ServerName chat.domain.tld
ServerSignature off
ProxyRequests off
RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://mappedsubdomain.somedyndns.tld:890/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://mappedsubdomain.somedyndns.tld:890/$1 [P,L]
<Location />
Order deny,allow
Allow from all
ProxyPassReverse http://mappedsubdomain.somedyndns.tld:890/
ProxyPassReverse ws://mappedsubdomain.somedyndns.tld:890/
</Location>
DocumentRoot /somewhere/on/my/disk
</VirtualHost>
But nothing. Websockets not working.
Then i tried it from a on the WAN vHost running NodeJS Websocket Tunnel:
https://www.npmjs.com/package/wstunnel
With this call:
wstunnel -t 8091 ws://mappedsubdomain.somedyndns.tld:890/
and with changed Virtual Host Config:
RewriteRule /(.*) ws://localhost:8091/$1
RewriteRule /(.*) http://localhost:8091/$1 [P,L]
ProxyPassReverse ws://localhost:8091/
ProxyPassReverse http://localhost:8091/
When wstunnel is running, a http Request on chat.domain.tld:890 ends with a timeout. Without wstunnel, i've got a 503.
Have anyone a helpful hint for me?
#seekwhencer Would this guide help? https://docs.mattermost.com/install/config-proxy-apache2.html
For troubleshooting WebSocket connections, this page might help: https://docs.mattermost.com/install/troubleshooting.html#please-check-connection-mattermost-unreachable-if-issue-persists-ask-administrator-to-check-websocket-port
I have searched like crazy to find an answer for this... so here goes the scenario:
I have a server that hosts several domains. However, the main domain should be the only one loading as HTTPS.
Whenever I try the following code:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.MAINDOMAIN.com/$1 [R,L]
The rest of the domains change from http://www.site.com to HTTP(S)://www.MAINDOMAIN.com/FolderName and so on.
How can I go about this?
The most straightforward way to do this is to have only one virtual host, www.maindomain.com, available on port 443, and have only www.maindomain.com:80 redirect to https.
<VirtualHost *:80>
ServerName www.maindomain.com
Redirect / https://www.maindomain.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.maindomain.com
SSLEngine on
...
</VirtualHost>
<VirtualHost *:80>
ServerName www.site.com
...
</VirtualHost>
No RewriteRule is needed. If you want you can also have HTTPS on the other sites redirect to HTTP:
<VirtualHost *:443>
ServerName www.site.com
SSLEngine on
Redirect / http://www.site.com/
</Virtualhost>
Otherwise https://www.site.com will be served by https://www.maindomain.com, since that will be the only virtual host available by HTTPS. That will make it the default virtual host for HTTPS, so it will serve all HTTPS requests.
I'm trying to use Apache as a gateway to reverse proxy to a backend server with the same name as the requested http_host.
ex:
ProxyPass / https://%{HTTP_HOST}/
ProxyPassReverse / https://%{HTTP_HOST}/
I'm getting an error when I use this setup. Suggestions?
There's no way to dynamically reverse proxy like that using proxy pass. However, you can do it using mod_rewrite's P flag. The same thing with ProxyPassReverse, you can't use the %{HTTP_HOST}, however, since the hostnames are the same as the same, you don't need it at all. Just need:
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [L,P]
One issue you may run into is that since DNS resolves proxying server to some IP, the proxying server must know that the same DNS hostname does not resolve to itself and actually resolves to a backend server (the server to proxy to), otherwise it will cause a loop.
To use Apache ProxyPass directives with dynamic hostnames you will need to also use ModRewrite.
Objective
All requests to the virtualhost will ProxyPass and ProxyPassReverse (also known as an "Apache Gateway") to the %{HTTP_HOST}
The only reason this would make sense to do is if you have localhost entries on the apache server for specfic host names
Examples
Localhost File
10.0.0.2 foo.bar.com
10.0.0.3 bar.bar.com
How it works
The client makes a request to foo.bar.com (dnslookup is a public IP... YOUR APACHE SERVER)
Your apache server has a localhost entry of 10.0.0.2 for foo.bar.com (some other server on your network)
The request goes through ModRewrite and /path1 is appended, then handed off to ProxyPass and ProxyPassReverse
ProxyPass and ProxyPassReverse hand the call off to foo.bar.com at ip 10.0.0.2
Client requests foo.bar.com ---reverse proxies to----> foo.bar.com/path1 (on some OTHER internal server)
Apache Configuration
<VirtualHost *:443>
Servername *
# Must not contain /path1 in path (will add /path1)
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/path1/.*
RewriteRule ^/(.*) https://%{HTTP_HOST}/path1$1 [NC,R=302,L]
# Must contain /path1 in path (will send request to the proxy)
RewriteEngine On
RewriteOptions Inherit
RewriteCond %{REQUEST_URI} ^/path1/.*
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [NC,P]
SSLEngine on
SSLProxyEngine On
ProxyRequests Off
ProxyPass / https://$1/
ProxyPassReverse / https://$1/
ProxyPreserveHost On
###################
# SSL Constraints #
###################
SSLProtocol -ALL +SSLv3 +TLSv1
# Choose cipher suites
SSLHonorCipherOrder On
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT
# SameOrigin The page can only be displayed in a frame on the same origin as the page itself
Header set X-Frame-Options SAMEORIGIN
SSLCertificateFile /etc/apache2/example.crt
SSLCertificateKeyFile /etc/apache2/example.key
SSLCertificateChainFile /etc/apache2/gd_bundle.crt
SetOutputFilter INFLATE;proxy-html;DEFLATE
</VirtualHost>
source: http://brakertech.com/apache-proxypass-with-dynamic-hostname/
If I have domain name example.com, and if I set an A record for www, www.example.com will return the IP address specified in A record. And what should I configure if I want to resolve example.com (without www.) to an IP address?
Adjust the DNS settings for example.com. Make sure you have address records (type A records) for both example.com and www.example.com, with the same IP address.
If you are using virtual hosting to provide many websites on a single IP address, you will also need to tell your web server about the alternative name for the site. In your web server's configuration, add example.com as an alias for www.example.com. In an Apache server httpd.conf file, this typically looks like:
<VirtualHost *>
DocumentRoot /home/www/web
ServerName www.example.com
ServerAlias example.com
</VirtualHost>
http://www.boutell.com/newfaq/creating/withoutwww.html
Typically you would also redirect:
apache config
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com$
RewriteRule ^(.*) http://www.example.com/$1 [R=301,L]