PHPFixing
  • Privacy Policy
  • TOS
  • Ask Question
  • Contact Us
  • Home
  • PHP
  • Programming
  • SQL Injection
  • Web3.0

Wednesday, September 21, 2022

[FIXED] How to defend Apache2 from anti DNS pinning and anti DNS rebinding?

 September 21, 2022     apache, apache2, dns, virtualhost     No comments   

Issue

How to defend my apache2 server from anti DNS pinning and anti dns rebinding? I work in company where is inform safety is important, but they only can test in one platform and tell me where is problem(
I am front-end and do not know how to defend my server ( Madly I hope that you will help with advice and show me the right path! Thank you very much in advance )
This is my

site.name.conf

<IfModule mod_ssl.c>
  <VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName site.name
    ServerAlias site.name
    DocumentRoot /data/edu3/public
    <Directory /data/edu3/>
      AllowOverride All
      Order allow,deny
      allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Include /etc/apache2/options-ssl-apache.conf
    SSLCertificateFile /data/ssl/u1.crt
    SSLCertificateKeyFile /data/ssl/u1.key
  </VirtualHost>
  <VirtualHost *:443>
    ServerName catchall
    <Location />
        Order allow,deny
        Deny from all
    </Location>
  </VirtualHost>
</IfModule>
  <VirtualHost 10.224.32.10:80>
    ServerAdmin webmaster@localhost
    ServerName site.name  
    DocumentRoot /data/edu3/public
    <Directory /data/edu3/>
      AllowOverride All
      Order allow,deny
      allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
  </VirtualHost>
<VirtualHost _default_:*>
    ServerName catchall
    <Location />
        Order allow,deny
        Deny from all
    </Location>
  </VirtualHost>
<VirtualHost 10.224.32.10:80>
    ServerName catchall
    <Location />
        Order allow,deny
        Deny from all
    </Location>
  </VirtualHost>

Solution

The easiest way is to add this virtualhost separately, and make sure that the virtualhost for the main website is using the ServerName directive.

<VirtualHost _default_:80>
ServerAdmin webmaster@localhost
DocumentRoot "/path/to/defaultpagedirectory"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log
</VirtualHost>

Basically what this does is that, it has a default page in the document root (you have to create it), it will serve that default page to the user if the Host header differs.



Answered By - Example person
Answer Checked By - Robin (PHPFixing Admin)
  • Share This:  
  •  Facebook
  •  Twitter
  •  Stumble
  •  Digg
Newer Post Older Post Home

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...

Subscribe To

Posts
Atom
Posts
Comments
Atom
Comments

Copyright © PHPFixing