We have a website, example.com, on Digital Ocean. It seems there is a user that used to have our IP address that has enabled domain masking for their site, or they are just poingint their domain, domain.com, to our sute. We do not want domain.com displaying our website, so I would like to block domain.com.
I tried using this guide: https://perishablepress.com/eight-ways-to-blacklist-with-apaches-mod_rewrite/ , but it seems like this doens't work with domain masking.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?domain(-|.).*$ [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
I saw this example: https://serverfault.com/questions/796674/block-masking-url-from-nginx/ , but I don't know how to translate this to Apache.
@arkascha Suggested that I use the Apache's virtual hosts to get this job done.
The idea is to make your default host deny access, and then add another virtual host that will allow access to your domain. This means there is no blacklist, but a whitelist instead. This prevents and future or unknown domains causing similar issues.
Here is the content of my etc/apache2/sites-available/000-default.conf, which successfully blocked traffic from domain.com, and allowed traffic from example.com:
<VirtualHost *:80>
ServerName catchall
<Location />
Require all denied
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
ServerAdmin [email protected]
DocumentRoot /var/www/html/public
<Directory /var/www/html/public>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>