Suppose that in a simplified scenario, I have a server hosting a single virtual host under Apache 2, and I would like any other attempt to access the server via IP or any other host to be denied. Further, I'd like an attempt to access the virtual host by HTTP to redirect to HTTPS.
Suppose the host is myhost.company.com, so the scenario is:
- https://myhost.company.com should work
- http://myhost.company.com should redirect to https://myhost.company.com
- any other web access by host, IP, etc. to the box should be denied
This seems like it shouldn't be too difficult to do (should it?) but thus far the only way I've been able to make it work is by defining the host and the redirect, and then sending all other traffic to some dummy directory on the server that has been manually forbidden.
I'd like to be able to do it in the Apache configuration though, if possible. Is it? In all of my other attempts, with "Deny" etc. it still allows other IP/host accesses through.
Thanks!
You should be able to set the
_default_vhost to return whatever error code you consider to count as "denied" for all requests; that'll do the trick nicely.