How to disable the default document root in Apache?

Question

I host some websites on my server running Apache Httpd. Each website has it's own domain or sub-domain and virtual host. Therefore, I need no default document root. Is it possible to disable DocumentRoot in /etc/httpd/conf/httpd.conf?

score 10 · Answer 1 · answered Jul 12 '15 at 14:53

Thanks for the other answers. I solved it by adding a default virtual host without any permissions. The global DocumentRoot and ServerName options must match the ones specified in the virtual host.

/etc/httpd/conf/httpd.conf

...
ServerName <server-ip>:80

DocumentRoot "/var/www/html"

<Directory />
    Order Deny,Allow
    Deny from all
    Options None
    AllowOverride None
</Directory>
...

/etc/httpd/conf.d/default.conf

<VirtualHost *:80>
        ServerName <server-ip>
        DocumentRoot /var/www/html
</VirtualHost>

This way, I get a 403 Forbidden message when the server is accessed by it's ip directly, which is exactly what I wanted. It would be even better if I wouldn't need /var/www/html an existing directory for that, but Apache complains if I specify something like /dev/null instead.

score 8 · Answer 2 · answered Jul 12 '15 at 14:15

Yes and No.

You can comment out or remove the DocumentRoot directive, no problem. But that doesn't achieve much, because then it will default to the default directory PREFIX/htdocs/ where PREFIX is set when you build apache.

When you have VirtualHosts set up all requests that are not handled by an explicitly configured virtual host get handled by the default virtualhost (which is typically the first one, but httpd -S will tell you).

score 5 · Answer 3 · answered Jul 12 '15 at 14:09

5

I'm not sure you want to do that. If there is no default vhost in an apache config, the first defined vhost becomes the default.

All you really need to do is have the default serve a blank page.

answered Jul 12 '15 at 14:09

user9517

114,104
20
206
289

score 2 · Answer 4 · answered Oct 25 '19 at 15:59

Any Apache configuration file with extension .conf located within /etc/httpd/conf.d/ will be included as part of Apache configuration. Thus to disable the default "Welcome" page configuration we need to rename its configuration /etc/httpd/conf.d/welcome.conf:

Step one move default welcome file:

sudo mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.backup

Step second reboot Appache2 service

sudo systemctl restart httpd

score 0 · Answer 5 · answered May 03 '19 at 07:48

In your /etc/httpd/conf/httpd.conf, if your Listen directive is

Listen 80

That's mean

*:80

You have defined a couple <listener>+<servename> in your /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/default.conf which are the same : *:80 + <server-ip>. So, Apache only takes one into account.

So, your vhost config is no use.

Your /etc/httpd/conf/httpd.conf is enough to block access to your /var/www/html directory.

Simply add :

<Directory /var/www/html>
    Order Deny,Allow
    Deny from all
    Options None
    AllowOverride None
</Directory>

Please have a read to https://httpd.apache.org/docs/2.4/en/vhosts/name-based.html#alg :

How the server selects the proper name-based virtual host

It is important to recognize that the first step in name-based virtual host resolution is IP-based resolution. Name-based virtual host resolution only chooses the most appropriate name-based virtual host after narrowing down the candidates to the best IP-based match. Using a wildcard (*) for the IP address in all of the VirtualHost directives makes this IP-based mapping irrelevant.

When a request arrives, the server will find the best (most specific) matching argument based on the IP address and port used by the request. If there is more than one virtual host containing this best-match address and port combination, Apache will further compare the ServerName and ServerAlias directives to the server name present in the request.

If you omit the ServerName directive from any name-based virtual host, the server will default to a fully qualified domain name (FQDN) derived from the system hostname. This implicitly set server name can lead to counter-intuitive virtual host matching and is discouraged.

The default name-based vhost for an IP and port combination If no matching ServerName or ServerAlias is found in the set of virtual hosts containing the most specific matching IP address and port combination, then the first listed virtual host that matches that will be used.

Vasin Yuriy · Answer 6 · 2019-12-24T08:32:10.700

0

Just change default port to:

Listen 80
Listen 8080 # any fake port

and leave *.80 in VirtualHost

Works for me with Apache2 and Centos 7

More examples you can find in documentation. Take a look at _default_ variable.

edited Dec 24 '19 at 08:32

answered Dec 24 '19 at 07:56

Vasin Yuriy

101
3

score 0 · Answer 7 · edited May 26 '21 at 11:32

0

In order to disable this page, we have to rename the file /etc/httpd/conf.d/welcome.conf to something else or you can simply delete it if you don’t need it.

mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf_backup

Make sure that Apache is restarted (as root) with the command:

systemctl restart httpd

edited May 26 '21 at 11:32

fboaventura

1,125
11
16

answered Dec 24 '19 at 10:24

Sukhjinder Singh

1,944
2
8
17

score -1 · Answer 8 · answered May 24 '21 at 11:44

-1

To disable the default site

$ sudo a2dissite 000-default.conf

answered May 24 '21 at 11:44

feradz

99
1

How to disable the default document root in Apache?

8 Answers8