1

Someone has setup a CDN server which is directing traffic to my server and setting the HOST header to match one of my real domains. Because of this, Apache uses the virtual host for my real domain name instead of the host name for the CDN domain.

For example, the URL is:

http://cdn.example.com/pictures/www.mydomain.com/images/product/6a/229326.jpg

It appears this CDN is a proxy that is overriding the HOST header. Apache sees the host as www.mydomain.com instead of cdn.example.com.

I'd like to block this traffic, but I can't block via host or IP (because it changes). There is a host header:

HTTP_X_FORWARDED_HOST=cdn.example.com

Possible?

edit: don't have mod_security installed

smusumeche
  • 623
  • 4
  • 8
  • 19
  • possible duplicate of [mod\_security block requests by http-host header](http://serverfault.com/questions/656093/mod-security-block-requests-by-http-host-header) – Hyppy Jun 02 '15 at 16:36
  • mod_security is your friend. Check the duplicate post link above. – Hyppy Jun 02 '15 at 16:36
  • 1
    mod_security can certainly do this, but if he's not already using it, it will be easier to use mod_rewrite, as in alphamikevictor's answer. – Andrew Schulman Jun 03 '15 at 07:07

1 Answers1

3

You can use mod_rewrite to accomplish this task:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Host} cdn.example.com
RewriteRule .* - [F]

As you can see, if you test it with curl denies the access:

[root@RPX conf]# curl -i -H "X-Forwarded-Host: cdn.example.com" http://localhost:80/algo/
HTTP/1.1 403 Forbidden
Date: Tue, 02 Jun 2015 16:49:37 GMT
Server: Apache
Content-Length: 207
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /algo/
on this server.</p>
</body></html>
alphamikevictor
  • 1,062
  • 6
  • 19