首先,需要启用
LoadModule vhost_alias_module modules/mod_vhost_alias.so
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
然后,编辑conf/extra/httpd-vhosts.conf
NameVirtualHost *:80
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
ServerName www.bad.com
ErrorDocument 404 /404.html
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName www.ok.com
DocumentRoot "/var/www/html"
</VirtualHost>
原理说明:
apache将第一个virtualhost作为默认配置,然后依次向下查找,如果有匹配中的,则采用新匹配到的配置项
这样就可以将允许的访问主机头之外的恶意解析请求拦截在外;
PS:网上很多配置都是在第一个virtualhost配置为Deny from all,这个返回码是403;
采用上述配置项,返回码是404;
在关注网站备案检测上,应该还是用上述配置比较合适;
以上在apache 2.2.x上确认通过;