Web-server – How to create dumthe virtual host in Apache to avoid cache poisoning

apache-2.2apache-2.4web-server

To avoid cache poisoning, I was asked to create a dummy virtual host on my Apache Web Server, so that all the forged requests(which are not actually related to my application) will go to the dummy virtual host.

Below is my current virtual host:

<VirtualHost *:*>
   DocumentRoot "cache location"
   ServerName myappname
</virtualHost>

I'm trying to create a dummy virtual host with Server name as * and with a different cache location. This is what I tried:

<VirtualHost *:*>
   DocumentRoot "another cache location"
   ServerName *
</virtualHost>

How can I test that my dummy virtual host configuration works, and do I need to modify my configuration?

Best Answer

As far as I know setting * as the ServerName will only match a literal * as the hostname and that does not do not the intended wildcard matching...

Your dummy virtual host , the VirtualHost entry that will respond to any and all unqualified requests that don't match any of the specific domain names that are explicitly configured, should by the first VirtualHost entry in your configuration.

<VirtualHost *:80>
  # This is the first and will handle anything that is not example.[com | net | org] 
  ...
</VirtualHost> 
<VirtualHost *:80>
  ServerName example.com
  ...
</VirtualHost> 
<VirtualHost *:80>
  ServerName example.net
  ...
</VirtualHost> 
<VirtualHost *:80>
  ServerName example.org
  ...
</VirtualHost>

The second part of this answer has a suitable setup for the default VirtualHOST: https://serverfault.com/a/662356/37681

Related Topic