Default handling for unmatched domains/subdomains in Apache

12

3

I have an Apache2 configuration with multiple VirtualHosts. My DNS is set to accept *.<domain>.<tld> on multiple domains. Everything is working correctly but if I go to something-random-here.example.com I seem to get an invalid VirtualHost being selected (I am guessing the first or last one it finds). Is there a way to tell Apache to use certain rules if none of the VirtualHost entries match the domain or subdomain? I'd preferably like to return a 404.

Ryall

Posted 2011-09-07T08:54:55.980

Reputation: 502

Answers

12

Apache uses the first virtualhost if no name matches. Just configure a new virtualhost as the first one with a random name, displaying whatever you like - or returning a 404 page.

Moritz Both

Posted 2011-09-07T08:54:55.980

Reputation: 375

Neither my first nor last v-host file is used. I think Apache has changed. – Cobolt – 2019-06-18T15:55:18.823

Thanks but could you please elaborate? I can't get this to work. – Ryall – 2011-09-07T12:34:12.870

2 How are your apache2 configuration files laid out? Or which operating system do you use? Apache reads the configuration in a certain order, and the first VirtualHost it sees is the default one. It receives all traffic from unknown host names. So if you have a single configuration file, the first VirtualHost is it. If you have multiple ones, like on most Linuxes, it may be the one called 0default or so... – Moritz Both – 2011-09-07T15:00:16.270

I put some default configurations in the ports.conf. It wasn't working because I tried to match *:80 when I was using <ip>:80 on my virtualhosts. Instead I had to create a separate default entry for each IP and it works now. – Ryall – 2011-09-08T15:31:28.587

4

Wildcard include your site configuration files:

Include path/to/site/confs/*httpd.conf

Organize your site conf files so they are loaded in an expected order. Example...

01-httpd.conf

02-site1-httpd.conf

03-site2-httpd.conf

etc...

Apache will read these in order. Then create one that will always load last to catch any unmatched virtual hosts and return a 404 instead of loading a default site.

99-catchall-httpd.conf

<VirtualHost *:8080>
 ServerName null
 ServerAlias *
 Redirect 404 /
</VirtualHost>

<VirtualHost *:8443>
 ServerName null
 ServerAlias *
 Redirect 404 /
</VirtualHost>

Be sure to replace the ports with whatever ports your httpd listens on. Or if you have httpd listening on specific interfaces, you'll need to add a catchall for each interface instead, like so:

<VirtualHost 192.168.1.101:8080>
 ServerName null
 ServerAlias *
 Redirect 404 /
</VirtualHost>
<VirtualHost 192.168.1.101:8443>
 ServerName null
 ServerAlias *
 Redirect 404 /
</VirtualHost>

<VirtualHost 192.168.1.102:8080>
 ServerName null
 ServerAlias *
 Redirect 404 /
</VirtualHost>

<VirtualHost 192.168.1.102:8443>
 ServerName null
 ServerAlias *
 Redirect 404 /
</VirtualHost>

Hope this helps. I use this method to load sites in the order I specify and prevent unmatched virtual hosts from loading an unexpected site unintentionally.

Jason Slobotski

Posted 2011-09-07T08:54:55.980

Reputation: 174

Shouldn't "ServerAlias *" be removed from catch-all rules? – Ahm3d Said – 2019-07-21T13:09:02.437

I suppose it wouldn't matter. If none of the virtual hosts prior to the catchall handle the request, these will return a 404 response. I don't see a reason that ServerAlias * would have to be removed, but they may be unnecessarily specific. – Jason Slobotski – 2019-07-23T19:51:16.410
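The selection order discussed in the answers and comments above, as an added example that is not code from any of the posters or from Apache itself: a simplified Python model of Apache's documented name-based matching (exact IP:port vhosts shadow `*:port` ones, then the first ServerName/ServerAlias match in load order, otherwise the first vhost for that address). The vhost lists and the `select_vhost` helper are constructed for illustration; `*:*` port wildcards and IPv6 literals are not modelled.

```python
from fnmatch import fnmatch

# Constructed sample configs: (address, port, ServerName, [ServerAlias...]) in load order.
# Catch-all bound to *:8080 while the real sites bind a specific IP.
SHADOWED = [
    ("192.168.1.101", 8080, "site1.example.com", ["www.site1.example.com"]),
    ("192.168.1.101", 8080, "site2.example.com", []),
    ("*",             8080, "null",              ["*"]),
]
# Same sites, catch-all bound to the same IP:port and loaded last (99-catchall style).
CATCHALL_LAST = SHADOWED[:2] + [("192.168.1.101", 8080, "null", ["*"])]
# Same sites, catch-all loaded first with no alias (first-vhost-is-default style).
CATCHALL_FIRST = [("192.168.1.101", 8080, "null", [])] + SHADOWED[:2]


def select_vhost(vhosts, local_ip, port, host_header):
    """Return the ServerName of the vhost this simplified model selects."""
    host = host_header.split(":")[0].lower().rstrip(".")
    # Step 1: vhosts on the exact IP:port are the only candidates if any exist;
    # wildcard-address vhosts are considered only when there is no exact match.
    exact = [v for v in vhosts if v[0] == local_ip and v[1] == port]
    candidates = exact or [v for v in vhosts if v[0] == "*" and v[1] == port]
    if not candidates:
        return None  # no vhost on this address; the main server config answers
    # Step 2: first candidate in load order whose ServerName or ServerAlias matches.
    for _, _, name, aliases in candidates:
        if host == name.lower() or any(fnmatch(host, a.lower()) for a in aliases):
            return name
    # Step 3: no name matched, so the first candidate acts as the default.
    return candidates[0][2]


if __name__ == "__main__":
    for label, conf in [("shadowed", SHADOWED), ("last", CATCHALL_LAST),
                        ("first", CATCHALL_FIRST)]:
        picked = select_vhost(conf, "192.168.1.101", 8080, "random.example.com")
        print(f"{label:9s} random.example.com -> {picked}")
```

On a live server, `apachectl -S` prints the vhost Apache treats as the default for each address and port, which can be compared against what the model predicts.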

0

As Moritz Both mentions, Apache2 will use the first virtual host it finds if it does not match any that you have requested.

When you first install Apache2 there's a default website conf that you can use as a template, modify or delete, and I was always wondering what the 000-default.conf was actually for, because they had a default.conf too. After reading what Moritz Both said, it all makes more sense now.

What I did for my server was copy the config for the default hostname (website) to 000-default.conf file and a2ensite 000-default.

Now, every time there is an unmatched domain request to my website, it serves up the 000-default page, which is just a copy of my actual default page.

Newteq Developer

Posted 2011-09-07T08:54:55.980

Reputation: 101

1 I do the same but my un-matched/default host sends a redirect to the proper top level site which changes the displayed URL to the correct one as well. – ivanivan – 2018-12-25T13:55:23.837

That is a really great idea! I didn't think about that. I will definitely be implementing my site like that :) – Newteq Developer – 2018-12-25T18:18:57.800

For some reason, I can't seem to get my SSL (default page) to redirect. I have `<VirtualHost *:443> ... Redirect / https://baseurl/ ... </VirtualHost>` but the URL stays the same. I've done the same for the non-SSL version and it redirects correctly. Any ideas? – Newteq Developer – 2018-12-25T19:31:46.143