Web servers

/
/
How to block access to sites by IP address

How to block access to sites by IP address

By default, when you open the server's IP address in the browser's address bar, the first site in the web server configuration or the site that was assigned as the default site will be opened.

To change this standard web server logic, first create any site, for example, with the name place.holder, and make changes to its configuration. If you use the ispmanager panel, first assign it as the default site.

You will also need to create a self-signed certificate in advance so that the stub site can accept requests via HTTPS. To do this, run the following commands:

mkdir /root/placeholder-ca
openssl genrsa -out /root/placeholder-ca/place.holder.key 2048
openssl req -new -x509 -days 3650 -key /root/placeholder-ca/place.holder.key -out /root/placeholder-ca/place.holder.crt

When generating the certificate, you will be asked for data. You can leave the fields blank and skip each field by pressing Enter.

If you use the ispmanager panel, create a Let's Encrypt certificate in the SSL certificates section for this site. The fact that it was or was not issued has no significance.

When using Nginx

Change the site configuration file to look like this:

server {
	server_name catchall;
	return 403;
	listen SERVER IP-ADDRESS:80 default_server;
}
server {
	server_name catchall;
	ssl_certificate "/root/placeholder-ca/place.holder.crt";
	ssl_certificate_key "/root/placeholder-ca/place.holder.key";
	ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
	ssl_prefer_server_ciphers on;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
	ssl_dhparam /etc/ssl/certs/dhparam4096.pem;
	listen IP-АДРЕС_СЕРВЕРА:443 ssl http2 default_server;
	return 403;
}
Please note!

If the certificate for the site was issued through the ispmanager panel, there is no need to make changes to the ssl_certificate and ssl_certificate_key directives.

For the return directive, you can use any other error code if necessary.

Restart the web server if you made changes manually via the console:

systnemctl reload nginx

When using Apache

Change the site configuration file to look like this:

<VirtualHost SERVER IP-ADDRESS:80>
    ServerName catchall
<Location />
    Redirect 403 /
</Location>
</VirtualHost>

<VirtualHost SERVER IP-ADDRESS:443>
    ServerName catchall
SSLEngine on
	SSLCertificateFile "/root/placeholder-ca/place.holder.crt"
	SSLCertificateKeyFile "/root/placeholder-ca/place.holder.key"
	SSLHonorCipherOrder on
	SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 +TLSv1.3
	SSLCipherSuite EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4
<Location />
    Redirect 403 /
</Location>
</VirtualHost>
Please note!

If the certificate for the site was issued through the ispmanager panel, there is no need to make changes to the SSLCertificateFile and SSLCertificateKeyFile directives.

For the return directive, you can use any other error code if necessary.

Restart the web server if you made changes manually via the console:

systnemctl reload apache2

Use the following command for RHEL-based operating systems:

systnemctl reload httpd

In this article