Security – How to configure Apache to reject proxy requests with error code

Tags: apache-2.2, http, proxy, security

I have a server running Apache that often gets unwanted proxy requests, mostly for sites like www.yandex.ru or www.baidu.com. I don't have mod_proxy loaded, so these requests don't actually work. But what happens is that the content returned corresponds to the home page for my website, presumably because that's the default virtual host. The thing is, I'd rather not send back the full index page to someone who obviously isn't actually interested in my website; I consider it a waste of bandwidth and resources. I'd rather respond with an HTTP error code (400 I suppose) to signal that my server does not work as a proxy, and also to make myself feel better when I examine the access logs 😉

What's the recommended way to configure Apache to return an error code for a proxy request? (By "proxy request" I mean one that provides an absolute URL in the HTTP request line.) And which HTTP error code is most appropriate for this?

By the way, I thought this would have been asked already but I looked and didn't find it.

Best Answer

You could simply configure a default vhost that denies all requests:

<VirtualHost *:80>
  ServerName deny.all
  <Location />
    Order allow,deny
    Deny from all
  </Location>
</VirtualHost>

With that in place, all requests accessing a vhost that is not explicitly configured will be denied with HTTP error code 403 ("Forbidden").

Also be sure to have a look at the Apache wiki page on proxy abuse for more details. Beyond the solution above, they will also give you hints for a mod_rewrite-based solution.
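
The following is an added example, not part of the original question or answer: a small access-log audit that finds proxy attempts (an absolute URL for a foreign host, or a CONNECT request) and reports whether each one was refused or still served content, which is a way to confirm the deny-all default vhost is taking effect. The `OUR_HOSTS` names and the sample log lines are constructed for illustration, and the log layout is assumed to be Apache's common/combined format.

```python
import re
from urllib.parse import urlsplit

# Hosts this server legitimately serves (assumed names for the example).
OUR_HOSTS = {"www.example.org", "example.org"}

# Common/combined log format: client ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)

# Constructed sample lines, not taken from a real server.
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2012:13:55:36 +0000] "GET http://www.baidu.com/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2012:13:56:01 +0000] "GET http://www.yandex.ru/ HTTP/1.1" 403 202',
    '198.51.100.4 - - [10/Oct/2012:13:57:12 +0000] "CONNECT mail.example.net:25 HTTP/1.0" 405 230',
    '192.0.2.10 - - [10/Oct/2012:13:58:00 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.10 - - [10/Oct/2012:13:58:05 +0000] "GET http://www.example.org/about HTTP/1.1" 200 900',
]

def proxy_target(request_line):
    """Return the foreign host a request line tries to reach, or None."""
    parts = request_line.split()
    if len(parts) < 2:
        return None                      # malformed or empty request line
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":              # authority form: host:port
        host = target.rsplit(":", 1)[0].lower()
    elif "://" in target:                # absolute form: scheme://host/path
        host = (urlsplit(target).hostname or "").lower()
    else:
        return None                      # ordinary origin-form request
    # An absolute URL naming one of our own hosts is valid HTTP/1.1, not abuse.
    return host if host and host not in OUR_HOSTS else None

def audit(lines):
    """Yield (client, foreign_host, status, served) per proxy attempt."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        host = proxy_target(m.group("request"))
        if host:
            status = int(m.group("status"))
            # served=True means the request got content instead of an error.
            yield m.group("client"), host, status, status < 400

if __name__ == "__main__":
    for client, host, status, served in audit(SAMPLE):
        print(f"{client} -> {host}: {status} {'SERVED' if served else 'refused'}")
```

Any line reported as SERVED after the change means that request still reached a vhost that answers with content.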