htaccess - Deny requests from unauthorized domains

前端 未结 3 1439
广开言路
广开言路 2021-02-09 00:02

I have a website \"www.mysite.com\", and it has an its own ip. Now since few months I see several domains pointing to my ip server (it\'s not a shared ip). I can navigate thru t

3条回答
  •  栀梦
    栀梦 (楼主)
    2021-02-09 00:45

    If you want to do with mod_rewrite, you can check SERVER_NAME to block unauthorized domains:

    RewriteEngine on
    RewriteCond %{SERVER_NAME} ^(www\.)?thiefdomain1\.example$ [OR]
    RewriteCond %{SERVER_NAME} ^(www\.)?thiefdomain2\.example$ [OR]
    RewriteCond %{SERVER_NAME} ^(www\.)?thiefdomain3\.example$
    RewriteRule ^ - [F]
    

    or

    RewriteEngine on
    RewriteCond %{SERVER_NAME} !^(www\.)?yourdomain\.example$
    RewriteCond %{SERVER_NAME} !^(www\.)?yourdomain-alias\.example$
    RewriteRule ^ - [F]
    

    If you have root privileges, you can also solve the problem with name-based virtual hosting as follows:

    NameVirtualHost *:80
    
    
      ServerName dummy
      
        Order deny,allow
        Deny from all
      
      ...
    
    
    
      ServerName www.yourdomain.example
      ServerAlias yourdomain.example
      ...
    
    

    The first VirtualHost definition is treated as a default virtual host. If 192.0.2.100 is accessed as thiefdomain1.example, thiefdomain2.example, thiefdomain3.example, or any other hostnames except for www.yourdomain.example or yourdomain.example (defined in the second VirtualHost), Apache refers the first VirtualHost and returns 403 Forbidden status.

提交回复
热议问题