Hello. ISPConfig 3, debian, apache... I set up a simple site from outside: Code: telnet newsite.com 80 GET http://azenv.net/ HTTP/1.1 Host: azenv.net [Enter twice] returns response! How can this behavior be solved? Thanks
You did not mention which response it returns. Because a system that you ask for a wrong hostname must return the default host, and that's likely what you got as the response. But this is neither an attack nor proxy-related nor related to ISPConfig. When an Apache or Nginx HTTP server does not find a matching vhost, it will return the first website alphabetically, also known as the default vhost. If you want to make a specific website the default vhost of your system so that Apache returns this site in the case it has no better matching site, then create a site that's first in the alphabet, e.g., by giving it a domain like "000-default.tld" as a domain name.
Mr. Till . If you have an attack with dozens of such requests (GET url or CONNECT url) every second from different IPs, what do you think would be a good way to solve it? like that Code: 139.59.106.1 - - [05/Apr/2024:23:59:56 +0200] "CONNECT teamrrq.com:443:443 HTTP/1.1" 400 392 "-" "-" Thanks
One option is to use CloudFlare, their free account should be sufficient to prevent DOS attacks. Or you can use an apache module like mod-evasive, but CloudFlare is likely easier and more effective as mod_evasive does not work that well for DDOs where a lot of IP#s are involved.
