While looking at the traffic statistics and analysis, we found other domain names among the entry URLs. A moment later, I was shocked to find that one of them showed the same content as my own server.
Attacked? Infected? Captured? Then I searched Baidu and Google and found that others had encountered the same problem:
It comes down to two possibilities: either a domain name configuration problem or a server (Tomcat) configuration problem. In the end, I read the post below and solved the problem.
Address: http://www.zlong.org/tomcat-binding-domain-bound-to-prevent-malicious-domain/
Today, many malicious domain names were found bound to one of the company's servers, so we need to handle it as soon as possible. Otherwise, the IP address will be blocked.
The server runs Tomcat. A Google search turned up many ways to bind your own domain name, but none of them said how to prevent other domain names from being bound.
At first, I thought of one method: edit tomcat/conf/server.xml, find the Engine element, and add a Host element like the existing localhost one. For example, to block www.fff.com, you can write:
<Host name="www.fff.com" appBase="notexists" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"></Host>
The appBase is a directory that does not exist, so a request for www.fff.com never reaches your real application. However, this blocks only www.fff.com; fff.com is not blocked. You would have to add another Host named fff.com, which is too troublesome, and malicious domain names are unpredictable: you don't know how many domain names will be bound to your IP address. So this method won't work.
The method above allows everything by default and lists what is prohibited. Change the train of thought: prohibit everything by default and list what is allowed. Wouldn't that work? So there is a second method:
<!-- default host is forbiden -->
<Engine name="Catalina" defaultHost="forbiden">
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>

  <!-- allowed hosts -->
  <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"></Host>
  <Host name="www.yourdomain.com" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"></Host>
  <Host name="192.168.1.3" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"></Host>

  <!-- forbiden host: its appBase is a directory that does not exist.
       If the requested domain is not in the list of allowed hosts above, this host is used. -->
  <Host name="forbiden" appBase="notexists" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"></Host>
</Engine>
Set defaultHost in the Engine to forbiden. There is a Host named forbiden whose appBase is a directory that does not exist. Then add the allowed hosts. A request for an unknown domain name is handled by the forbiden host, so it cannot reach the real application directory.
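To check a server.xml against this deny-by-default layout, the following added example (not part of the original post) models how a Host header is matched to a Host name or Alias and otherwise falls back to defaultHost, then flags a default host that shares its appBase with a real site. The function names and the embedded sample configuration are constructed for illustration; wildcard aliases are not handled.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the second configuration on this page.
SERVER_XML = """
<Server><Service name="Catalina">
  <Engine name="Catalina" defaultHost="forbiden">
    <Host name="localhost" appBase="webapps"/>
    <Host name="www.yourdomain.com" appBase="webapps"/>
    <Host name="192.168.1.3" appBase="webapps"/>
    <Host name="forbiden" appBase="notexists"/>
  </Engine>
</Service></Server>
"""

def load_hosts(xml_text):
    """Return (defaultHost, {lowercased host name or alias: appBase})."""
    engine = ET.fromstring(xml_text).find(".//Engine")
    hosts = {}
    for host in engine.findall("Host"):
        aliases = [a.text.strip() for a in host.findall("Alias") if a.text]
        for name in [host.get("name")] + aliases:
            hosts[name.lower()] = host.get("appBase")
    return engine.get("defaultHost").lower(), hosts

def resolve(xml_text, host_header):
    """appBase that would serve a request carrying this Host header."""
    default, hosts = load_hosts(xml_text)
    name = host_header.lower()
    if not name.startswith("["):      # leave IPv6 literals untouched
        name = name.split(":")[0]     # drop an optional :port
    # Unknown names fall through to the Engine's defaultHost.
    return hosts.get(name, hosts.get(default))

def audit(xml_text):
    """List problems that defeat the deny-by-default setup."""
    default, hosts = load_hosts(xml_text)
    if default not in hosts:
        return ["defaultHost %r has no matching <Host>" % default]
    shared = sorted(n for n, base in hosts.items()
                    if n != default and base == hosts[default])
    if shared:
        return ["defaultHost shares its appBase with: " + ", ".join(shared)]
    return []

if __name__ == "__main__":
    for header in ("www.yourdomain.com", "www.fff.com", "fff.com"):
        print(header, "->", resolve(SERVER_XML, header))
    print("audit:", audit(SERVER_XML) or "ok")
```
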
This is just my solution. If you have a better one, you are welcome to discuss it below.
Original address http://www.iteye.com/topic/1112160
Tomcat: binding domain names to prevent malicious domain names from pointing to the server