My configuration is very simple :
To avoid duplicate content, I want to prevent user to go on my website by hitting directly apache (which is running on port 8080).
I have setup a Varnish server listening on port 80, so I want to use only this to avoid bot indexing the same website on different port which may cause duplicate content issue.
I'm using a dedicated server with Debian 6.
My virtual host looks like :
<VirtualHost *:8080>
ServerAdmin webmaster@localhost
ServerName www.seek-team.com
DocumentRoot ...
DirectoryIndex app.php
<Directory "/var/www/seek-team.com/current/web">
Options -Indexes FollowSymLinks SymLinksifOwnerMatch
AllowOverride All
Allow from All
</Directory>
</VirtualHost>
How to prevent user to directly access to the website using port 8080 ? (but I still need varnish to hit apache correctly).
Thanks.
You could bind apache daemon to loopback interface and make Varnish to connect to
localhost:80. Thus, varnish would be accessible to the world while apache would be accessible only locally.Varnish config:
Apache config:
Quickest option would be to simply bind the Apache instance to Localhost, so it would only be accessible from that machine.
Alternatively you could tweak the permissions of your Apache Virtual host directory block to:
This is slightly more flexible, as you can add your own IP, or net range to the permitted IP list, to allow a select few direct access for diagnostic purposes.
Both option above assume the Varnish instance is running on the same physical server.
Simply block the 8080 port with iptables for the outside world like this: