Q: Disable access to default vhost and through server IP on Apache 2.4.10

I’m trying to get Apache 2.4.10 on Debian 8 “Jessie” up and running with multiple websites hosted on it. This might be an obvious and already answered question but I’ve never had the need to set-up a dedicated web host (usually just drop a WAMP server for development needs or pick up a web hosting service) and so far I have not had any luck finding an answer to my problem (I’ve found the complete opposite answers of what I’m trying to achieve). I need to get this working because apart from just hosting a couple of websites, there will be additional software set-up, for which, a regular web hosting service won’t do.

Everything seems to be working as intended but the only problem is that I can’t seem to find an optimal configuration which wouldn’t just block access to default vhost with 403 – Forbidden. What I need is Apache to ignore requests (not just return a 404 document but tell the browser there’s nothing there) from anyone accessing the default vhost or by accessing the server directly through it’s designated IP. The designated IP should be left for SSH access only (since I don’t have any kind of physical access to this server).

Basically, the web server should be accessible from a web browser through “FQDN-1” and “FQDN-2” (each located in their individual directories) and access to any other web address on this server should be ignored (invoking browser “404 not found” instead of returning a server error document, which would indicate that something is there).

my current vhost files:

<VirtualHost *:80>
    ServerName FQDN-1
    ServerAlias www.FQDN-1
    ServerAdmin mail@FQDN-1
    DocumentRoot /var/www/FQDN-1/public_html
    ErrorLog /var/www/FQDN-1/logs/error.log
    CustomLog /var/www/FQDN-1/logs/access.log combined
</VirtualHost>

And

<VirtualHost *:80>
        ServerName FQDN-2
        ServerAlias www.FQDN-2
        ServerAdmin mail@FQDN-2
        DocumentRoot /var/www/FQDN-2/public_html
        ErrorLog /var/www/FQDN-2/logs/error.log
        CustomLog /var/www/FQDN-2/logs/access.log combined
</VirtualHost>

The default vhost has been disabled through “a2dissite 000-default”
Iptables block everything except tcp port 80 and 22 (SSH access is whitelisted in iptables to just few specific iPs).


Source: apache

Leave a Reply