VestaCP and non existent subdomains ?
Posted: Fri Jul 03, 2020 2:20 pm
Hi :)
There is something I don't understand with VestaCP and DNS
Generally, my domain name have a bind zone like this (just few lines of the whole bind zone) :
Thus, I get the possibility to join my server with those full qualified domain names :
But there is a strange thing when you try to reach an non existent subdomain : you will get from webserver a SSL error and you even can force to accept the wrong SSL cert. In this case, you will reach another hosted website (the last one ? the first one ?).
What I want to get in this case, is a simple Error 404 message or similar, without the possibility to reach anything.
Do you know how can I do this ?
I'm asking because I'm thinking my configuration generate this issue about "Host header attack" viewtopic.php?f=10&t=20030
The point is I don't know how to solved it efficiently... and I'm pretty sure the is something to do with Apache/Nginx servers...
Thanks for your answers :)
There is something I don't understand with VestaCP and DNS
Generally, my domain name have a bind zone like this (just few lines of the whole bind zone) :
Code: Select all
* 600 IN A 92.xxx.yyy.zzz
@ 600 IN A 92.xxx.yyy.zzz
- domain.com
- www.domain.com
- ftp.domain.com
But there is a strange thing when you try to reach an non existent subdomain : you will get from webserver a SSL error and you even can force to accept the wrong SSL cert. In this case, you will reach another hosted website (the last one ? the first one ?).
What I want to get in this case, is a simple Error 404 message or similar, without the possibility to reach anything.
Do you know how can I do this ?
I'm asking because I'm thinking my configuration generate this issue about "Host header attack" viewtopic.php?f=10&t=20030
The point is I don't know how to solved it efficiently... and I'm pretty sure the is something to do with Apache/Nginx servers...
Thanks for your answers :)