Prevent malicious parsing--prohibit direct access to websites via IP

First, what is malicious parsing

In general, to make the domain name can access to the site requires two steps, the first step, the domain name resolves to the host site, the second step, in the Web server to bind the domain name with the corresponding site. However, if the host IP can directly access a website, then the domain name resolution to the IP will also be able to access the site, without binding on the host, that is, anyone will be any domain name resolution to this IP can access to this site. Maybe you don't mind accessing your website through someone else's domain name, but what if the domain name is not filed? Once found, the consequences of IP, wire extraction, and even fines are required to be borne by you. Some people with ulterior motives, by resolving the non-filing domain name to someone else's host, make it suffer losses, this is a new attack means.

Second, Apache services

When using Apache to build a Web server, how to think only through the set of domain access, but not directly through the server's IP address access, there are two ways to achieve (certainly there will be other methods can be implemented), are implemented by modifying the httpd.conf file, as illustrated below.

On the last side of the httpd.conf file, add the following code

Namevirtualhost *:80<virtualhost *:80> ServerName 221.*.*.* <location/> Order allow,deny Deny from all </Location></VirtualHost> <virtualhost *:80> documentroot "/www/web" Serverna Me www.wzlinux.com</virtualhost>

Description: The upper part is the implementation of any access request that denies the IP directly through 221.*.*.*, at which point if you use 221.*.*.* access, you will be prompted to deny access. The next section is to allow access via the www.wzlinux.com domain name, which points to/www/web (assuming that your site's root directory is/www/web).

Third, Tomcat services

Modify the Server.xml configuration file.

For example, the server IP address is 192.168.1.2, the corresponding domain name is www.wzlinux.com.

Open the%tomcat_home%/conf/server.xml file and locate the engine node as the following XML code.

<engine name= "Catalina" defaulthost= "www.piis.cn" > 
Precautions:
1. The defaulthost of the Engine node configuration indicates the host to which the default is accessed. The defaulthost corresponding name must exist in the host node configured under the Engine node.
2. When a machine has multiple IPs, it is useful to allow access only through a specified domain name. At this point, the defaulthost is designated as a non-domain corresponding to the host, so that not through the domain name access to the designated non-domain host.
3. The Host node name corresponds to the IP address, and the domain name. A host specifies only one IP or domain name.
4. The appBase of the Host node, corresponding to the directory where the Web application is stored. The directory entered here is relative to%tomcat_home%, as the corresponding directory for www.wzlinux.com above is%tomcat_home%/webapps, and the 192.168.1.2 corresponding directory is%tomcat_home%/ipapps.
Four, Nginx service
Define a default empty hostname, prohibit its access, need to pass the domain name must be configured in the other server.
server {listen-default;    SERVER_NAME ""; return 444;}
Or
server {listen-default;    server_name _; return 444;}


650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M01/06/ED/wKiom1nAtUrRm_ZtAACmb4CVfN4560.jpg "title=" Qrcode_for_gh_891f5ff6ec4e_258.jpg "alt=" Wkiom1naturrm_ztaacmb4cvfn4560.jpg "/>

This article is from the "Operation and maintenance bit record" blog, please make sure to keep this source http://wzlinux.blog.51cto.com/8021085/1966796
Prevent malicious parsing--prohibit direct access to websites via IP