Home > other >  how to make my apache website accept only host header with a specific entry
how to make my apache website accept only host header with a specific entry

Time:09-28

my website is under attack and I see that the attacker is bypassing the cloudflare security by entering the website with the IP and not with domain name, I am wandering if I can protect my website by making my apache-based website block all the requests that doesn't have the name of my website in the host header of the attackers requests

CodePudding user response:

Even if you did do this all the attacker has to do is add the header to their requests and you're still having the same problem. You need to block access from non-cloudflare IP ranges at the firewall.

https://www.cloudflare.com/ips/

Make sure that you put in an allow your for yourself for testing.

CodePudding user response:

i don't know if this will protect my website "and" i forgot to mention that i am using xampp windows

anyway from the xampp rules file i just entered

<If "%{HTTP_HOST} == 'website'">
</If>
<Else>
  RewriteRule ^.*$ http://website/$1 [L]
</Else>

and it worked

that's it that's the answer for the question i asked

  • Related