What's the rationale behind the online ban on empty headers in Apache?
天蓬老师 2017-05-16 16:59:57

Today a domain name was maliciously resolved to my server. I checked and found that it was being redirected with a 301. I searched online and found that disabling the empty host header can be used to prevent malicious domain name resolution. Add the following code to httpd-vhost.conf:

NameVirtualHost *
<VirtualHost *:80>
DocumentRoot "E:/error"
ServerName abc.com
</VirtualHost>

This method did solve my problem, but I don't quite understand the principle here...


All replies (2)
滿天的星座

I know nginx is set up like this, and the principle of Apache should be similar:

server
{
    listen 80 default; 
    server_name _; 
    return 444; 
} 

If nginx does not find a matching domain name in server{} and the domain has been maliciously resolved, the default server_name `_` is used, which directly returns the custom status code 444, that is, it actively closes the request. 499 can also be used. This is another custom status code of nginx, which means that the client could not wait for the server to respond and actively closed the connection.

左手右手慢动作

Just add a virtual host and respond to all access to abc.com with the contents of the E:/error folder.
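
The principle behind both answers is name-based virtual host selection: the server compares the request's Host header with each ServerName/ServerAlias, and when nothing matches (or the header is empty) Apache falls back to the first virtual host defined for that address and port. The following is an added example, not code from the thread or from Apache itself: a simplified Python model of that selection, in which the `VHOSTS` list, the `www.example.com` site, its docroot and the function names are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed vhost list in config-file order. The first entry mirrors the
# catch-all from the question; www.example.com is a hypothetical real site.
VHOSTS = [
    {"server_name": "abc.com", "aliases": [], "docroot": "E:/error"},
    {"server_name": "www.example.com",
     "aliases": ["example.com", "*.example.com"],
     "docroot": "E:/www/site"},
]


def normalize_host(host_header):
    """Lower-case the Host value and strip the port and any trailing dot."""
    if not host_header:
        return ""
    host = host_header.strip().lower()
    if host.startswith("["):          # IPv6 literal such as [::1]:80
        host = host[1:].split("]", 1)[0]
    elif ":" in host:                 # name:port or IPv4:port
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def select_vhost(vhosts, host_header):
    """Return the vhost that would serve a request with this Host header."""
    host = normalize_host(host_header)
    for vh in vhosts:
        names = [vh["server_name"]] + vh["aliases"]
        # ServerAlias may contain * and ? wildcards; ServerName is exact.
        if any(fnmatchcase(host, name.lower()) for name in names):
            return vh
    # Nothing matched, or the Host header was empty or missing: the first
    # vhost listed for this address and port acts as the default.
    return vhosts[0]


if __name__ == "__main__":
    for header in ["www.example.com", "unknown-domain.test", "", None]:
        print(repr(header), "->", select_vhost(VHOSTS, header)["docroot"])
    # Without the catch-all entry the real site becomes the default and
    # answers for any domain that someone points at the server's IP.
    print("no catch-all:",
          select_vhost(VHOSTS[1:], "unknown-domain.test")["docroot"])
```

With the catch-all listed first, only requests whose Host header names a configured site reach real content; everything else lands in `E:/error`.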
