
How to deny all host headers with 403 Forbidden? Apache 2.4

Stack Overflow user
Asked 2022-09-11 22:25:29
Answers 1, Views 79, Follows 0, Votes 0

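Hi, I'm trying to deny all host headers that are not explicitly allowed, to stop them from appearing in the mod_pagespeed cache folder.

I'm trying to achieve the following, but on an Apache 2.4 server -

"You can lock down your server by specifying server names for all virtual hosts and then adding a catch-all block that gives everyone a 403 Forbidden. For example, I just set up ngxpagespeed.com as:"
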
   server {
        listen 80;
        location / {
           deny all;
        }
   }
   server {
        listen       80;
        server_name  ngxpagespeed.com www.ngxpagespeed.com;
        pagespeed on;
        ...
    }

This is what I tried adding to my Apache server, at the top of the file /etc/apache2/sites-enabled/000-default-le-ssl.conf.

<VirtualHost *:80>
    ServerName catchall
    <Location />
        Require all denied
    </Location>
    <Location /var/www/html/>
        Require all denied
    </Location>
</VirtualHost>

When I try

wget --header="Host: example.com" http://demo.mysite.com

I get this response -

Resolving demo.mysite.com (demo.mysite.com)... 142.41.74.25
Connecting to demo.mysite.com (demo.mysite.com)|142.41.74.25|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://demo.mysite.com/ [following]
--2022-09-05 10:57:46--  https://demo.mysite.com/
Reusing existing connection to demo.mysite.com:443.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://demo.mysite.com/ [following]
20 redirections exceeded.

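Why does it output 301 instead of 403 Forbidden?

How can I make it send 403 for all unknown host headers?

This is what my mod_pagespeed cache folder looks like. I want to stop these random folders, which do not exist on my server, from being created -
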
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/%2C2Fwp-content
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/%2C2Fwp-includes
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/%2C2Fwp-json
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/%2C3F3x%3D3x
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/%2C3Fa%3Dfetch%2C26content%3D%2C3Cphp%2C3Edie%2C28%2C40md5%2C28HelloThinkCMF%2C29%2C29%2C3C
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/%2C3Frest_route%3D
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/.git
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/.well-known
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/1phpmyadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/2022
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/2phpmyadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/_
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/_ignition
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/_phpMyAdmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/_phpmyadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/_phpmyadmin_
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/_profiler
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/actuator
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/admin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/administrator
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/assets
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/Autodiscover
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/blog
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/c
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/cart
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/cgi-bin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/checkout
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/console
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/contact
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/cookies
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/css
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/database
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/db
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/dbadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/download
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/feed
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/flu
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/index.php%2C3Frest_route%3D
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/my-account
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/MyAdmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/myadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/mysql
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/mysql-admin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/mysqladmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/mysqlmanager
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/p-content
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/photo
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/php-my-admin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/php-myadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmy
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmy-admin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyAdmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-3
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-4
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-4.9.7
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-5
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-5.1.0
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-5.1.1
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-5.1.2
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-5.1.3
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin-5.2.0
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin1
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin1
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin2
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2011
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2012
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2013
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2014
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2015
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2016
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2017
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2018
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2019
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2020
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2021
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin2022
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin3
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin3
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin4
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin4
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin5
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin5
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin5.1
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin5.2
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpMyAdmin_
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phpmyadmin_
/var/cache/mod_pagespeed/v3/mysite.com/https,3A/,2Fdemo.mysite.com/phppma

If anyone can help, thank you!

Update

Here is what my conf files look like after applying Robbie's suggestion -

/etc/apache2/sites-enabled/000-default.conf

# Added to mitigate CVE-2017-8295 vulnerability
UseCanonicalName On

<VirtualHost *:80>

    ServerName catchall

</VirtualHost>

<VirtualHost *:443>

    ServerName catchall

    SSLCertificateFile /etc/letsencrypt/live/demo.mysite.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/demo.mysite.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>

/etc/apache2/sites-enabled/001-demo.mysite.com.conf

<VirtualHost *:80>
    ServerName demo.mysite.com
    ServerAlias demo.mysite.com

        <Directory /var/www/html/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        RewriteEngine on
        RewriteCond %{SERVER_NAME} =demo.mysite.com [OR]
        RewriteCond %{SERVER_NAME} =www.demo.mysite.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName demo.mysite.com
        ServerAlias www.demo.mysite.com

        UseCanonicalName On
        UseCanonicalPhysicalPort On

        Protocols h2 http/1.1

        DocumentRoot /var/www/html

        <Directory /var/www/html/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLCertificateFile /etc/letsencrypt/live/demo.mysite.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/demo.mysite.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
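
1 Answer

Stack Overflow user

Accepted answer

Posted on 2022-09-13 05:27:13

This is too long to post as a comment, so here it is as an answer.

I think CBroe's comment is a bit confusing, but also correct in a way.

To explain how vhost blocks work: if the requested host (ServerName) does not match any ServerName / ServerAlias declaration, then the first vhost block (matched by *:80 or *:443) is used. So if you only have one vhost declaration, it doesn't matter what is in the ServerName / ServerAlias part. In that case, "catchall" is perfectly fine.

Three examples:
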
<VirtualHost *:80>
    # This is the first block, so is default.
    # Matches anything (as there are no other blocks)
    # ServerName can be anything you like.
    ServerName catchall
</VirtualHost>

<VirtualHost *:80>
    # This is the first block, so is default.
    # Matches anything that is NOT "mydomain.com" / "www.mydomain.com"
    ServerName catchall
</VirtualHost>
<VirtualHost *:80>
    # Matches only "mydomain.com" / "www.mydomain.com"
    ServerName mydomain.com
    ServerAlias www.mydomain.com
</VirtualHost>

Compare that with:

<VirtualHost *:80>
    # This is the first block, so is default.
    # Matches anything that is not "catchall"
    ServerName mydomain.com
    ServerAlias www.mydomain.com
</VirtualHost>
<VirtualHost *:80>
    # This block is a total waste of time as "catchall" is not a valid public host (unless local DNS etc)
    ServerName catchall
</VirtualHost>

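In your example, you actually have two *:80 vhost blocks, one in 000-default.conf and the other in 000-default-le-ssl.conf. The key question is which one is loaded first. They are loaded in "alphanumeric" order, but if you are not sure whether "." comes before "-", I suggest you rename them with "000" and "001", as that is the purpose of those numbers: to control the load order.

So what you should have to solve the problem is two conf files, each declaring both 80 and 443, correctly ordered as follows:

000-default.conf
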
<VirtualHost *:80>
    # This is the first block, so is default.
    # Matches anything that is NOT "mydomain.com" / "www.mydomain.com"
    ServerName catchall
    # Do not add to cache, reject, throw error etc.
</VirtualHost>
<VirtualHost *:443>
    # This is the first block, so is default.
    # Matches anything that is NOT "mydomain.com" / "www.mydomain.com"
    ServerName catchall
    # Do not add to cache, reject, throw error etc.
    # Add your cert details, but users will get a cert error here anyway as name will not match.
</VirtualHost>

001-mydomain.com.conf

<VirtualHost *:80>
    # This is the second block, so must match the host (otherwise, will hit "default")
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    <Directory..... etc</Directory>
</VirtualHost>
<VirtualHost *:443>
    # This is the second block, so must match the host (otherwise, will hit "default")
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    <Directory..... etc</Directory>
    # Add your cert details
</VirtualHost>
Votes 1
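
Added example (not part of the original answer and not Apache's own code): a simplified Python model of the name-based vhost selection described in the answer above, covering both the conf-file load order and the per-port default block. The layouts, the `action` labels (which assume the catch-all block actually denies the request) and the byte-wise file sort are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

def load_order(conf_files):
    """Order a wildcard Include reads files in (assumed: plain byte-wise sort)."""
    return sorted(conf_files)

def vh(port, name, action, *aliases):
    """One <VirtualHost *:port> block; `action` is an illustrative label."""
    return {"port": port, "name": name, "aliases": aliases, "action": action}

def select_vhost(vhosts, port, host_header):
    """First block on the port whose ServerName/ServerAlias matches the Host
    header; if none matches, the first block on that port is the default."""
    host = host_header.split(":")[0].lower()  # drop optional :port
    on_port = [v for v in vhosts if v["port"] == port]
    for v in on_port:
        if host == v["name"].lower():
            return v
        if any(fnmatchcase(host, a.lower()) for a in v["aliases"]):
            return v
    return on_port[0] if on_port else None

def action_for(layout, port, host_header):
    """Flatten {file: [blocks]} in load order, then resolve one request."""
    blocks = [b for f in load_order(layout) for b in layout[f]]
    chosen = select_vhost(blocks, port, host_header)
    return chosen["action"] if chosen else None

# Constructed layouts using the answer's placeholder names.
SITE = [vh(80, "mydomain.com", "301 to https", "www.mydomain.com"),
        vh(443, "mydomain.com", "serve site", "www.mydomain.com")]
RECOMMENDED = {
    "001-mydomain.com.conf": SITE,
    "000-default.conf": [vh(80, "catchall", "403"), vh(443, "catchall", "403")],
}
# Same site, but the catch-all only covers port 80.
NO_TLS_CATCHALL = {
    "000-default.conf": [vh(80, "catchall", "403")],
    "001-mydomain.com.conf": SITE,
}

if __name__ == "__main__":
    for layout in (RECOMMENDED, NO_TLS_CATCHALL):
        for port in (80, 443):
            print(port, action_for(layout, port, "example.com"))
```

In the second layout an unknown Host on port 443 reaches the site block, because that block is the first one declared for that port.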

Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/73683007