
Prevent malicious domain resolution: prohibit direct access to websites through IP

2025-01-14 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

I. What is malicious domain resolution

In general, making a website reachable through a domain name takes two steps. First, the domain name is resolved to the host where the website runs; second, the domain name is bound to the corresponding site in the web server. However, if the website can be reached directly through the host's IP, then any domain name resolved to that IP will reach the site without being bound on the host, which means anyone can point any domain name at the IP and have it serve your site. Perhaps you don't mind your website being reachable through someone else's domain name, but what if that domain name has not been registered (filed) as required? Once this is discovered, you bear the consequences: the IP is blocked, the server is disconnected, or you are even fined. Resolving unregistered domain names to other people's hosts, so that the host owner suffers the loss, is a new method used by people with ulterior motives.

II. Apache services

When using Apache to build a web server, how can you make the site reachable only through the configured domain name and not directly through the server's IP address? There are two methods (there are certainly others as well), both implemented by modifying the httpd.conf file. The following example illustrates.

At the end of the httpd.conf file, add the following code:

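    NameVirtualHost *:80

    # Requests addressed to the bare IP are denied
    <VirtualHost *:80>
        ServerName 221.*
        <Location />
            Order Allow,Deny
            Deny from all
        </Location>
    </VirtualHost>

    # The site is served only for the bound domain name
    <VirtualHost *:80>
        DocumentRoot "/www/web"
        ServerName www.wzlinux.com
    </VirtualHost>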

Note: the first part denies any request made directly through the IP 221.*. If you access the server using 221.*, you will be told that access is denied. The second part allows access through the domain name www.wzlinux.com, with the home directory pointing to /www/web (assuming your site's root directory is /www/web).

III. Tomcat service

Modify the configuration file server.xml.

For example, the server IP address is 192.168.1.2, and the corresponding domain name is www.wzlinux.com.

Open the %TOMCAT_HOME%/conf/server.xml file, find the Engine node, and apply the following XML code.

Note:

1. The defaultHost configured on the Engine node is the Host used by default. The name given in defaultHost must exist among the Host nodes configured under the Engine node.

2. This is useful when a machine has more than one IP and access must be allowed through only one specified domain name. In that case, set defaultHost to the Host that corresponds to a non-domain name, so that any request not made through the domain name is routed to that non-domain Host.

3. The Host node's name corresponds to the IP address or domain name. Only one IP or domain name can be specified for a Host.

4. The appBase of the Host node is the directory where the web application is stored. The directory entered here is relative to %TOMCAT_HOME%. For example, for www.wzlinux.com above the corresponding directory is %TOMCAT_HOME%/webapps, and for 192.168.1.2 the corresponding directory is %TOMCAT_HOME%/ipapps.

IV. Nginx service

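Define a default server with an empty host name and prohibit access to it. Every domain name that should be served must be configured in its own separate server block.

    # default_server is the current spelling of the older "default" parameter
    server {
        listen 80 default_server;
        server_name "";
        return 444;   # close the connection without sending a response
    }

Or

    server {
        listen 80 default_server;
        server_name _;
        return 444;
    }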
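A way to verify any of the three configurations above, added here as an example and not part of the original article: send requests with different Host headers and confirm that only the bound domain is answered. The names `probe`, `audit`, `DemoHandler` and `start_demo_server` are hypothetical, and the local demo server is a constructed stand-in that emulates the catch-all behaviour so the check runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

ALLOWED_HOST = "www.wzlinux.com"  # the article's example domain

def probe(addr, port, host_header, timeout=3.0):
    """GET / with a chosen Host header. Returns the HTTP status, or "closed"
    when the server drops the connection without replying (nginx return 444)."""
    conn = http.client.HTTPConnection(addr, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": host_header})
        return conn.getresponse().status
    except (http.client.HTTPException, OSError):
        return "closed"
    finally:
        conn.close()

def audit(addr, port, allowed_host, unbound_hosts):
    """Return findings; an empty list means only allowed_host is served."""
    findings = []
    if probe(addr, port, allowed_host) != 200:
        findings.append(f"{allowed_host}: bound domain is not served")
    for host in unbound_hosts:
        status = probe(addr, port, host)
        if status != "closed" and status < 400:  # a 403 or a drop is a refusal
            findings.append(f"{host}: served with status {status}")
    return findings

class DemoHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a web server, only here to exercise audit()."""
    def do_GET(self):
        if self.server.strict and self.headers.get("Host") != ALLOWED_HOST:
            self.close_connection = True  # emulate the catch-all: no reply
            return
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args): pass  # keep the demo quiet

def start_demo_server(strict):
    srv = HTTPServer(("127.0.0.1", 0), DemoHandler)
    srv.strict = strict  # True: only ALLOWED_HOST is answered
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

if __name__ == "__main__":
    srv = start_demo_server(strict=False)  # permissive server: two findings
    print(audit("127.0.0.1", srv.server_port, ALLOWED_HOST, ["127.0.0.1", "unbound.example"]))
```

Against a real deployment, pass the server's own IP as `addr` and include that IP plus an arbitrary unbound name in `unbound_hosts`. A Tomcat default Host that answers with a placeholder page will be reported as served, so review that finding by hand.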
