How to block access to sites by IP address
By default, when you open the server's IP address in the browser's address bar, the first site in the web server configuration or the site that was assigned as the default site will be opened.
To change this standard web server logic, first create any site, for example, with the name place.holder
, and make changes to its configuration. If you use the ispmanager panel, first assign it as the default site.
You will also need to create a self-signed certificate in advance so that the stub site can accept requests via HTTPS. To do this, run the following commands:
mkdir /root/placeholder-ca
openssl genrsa -out /root/placeholder-ca/place.holder.key 2048
openssl req -new -x509 -days 3650 -key /root/placeholder-ca/place.holder.key -out /root/placeholder-ca/place.holder.crt
When generating the certificate, you will be asked for data. You can leave the fields blank and skip each field by pressing Enter.
If you use the ispmanager panel, create a Let's Encrypt certificate in the SSL certificates section for this site. The fact that it was or was not issued has no significance.
When using Nginx
Change the site configuration file to look like this:
server {
server_name catchall;
return 403;
listen SERVER IP-ADDRESS:80 default_server;
}
server {
server_name catchall;
ssl_certificate "/root/placeholder-ca/place.holder.crt";
ssl_certificate_key "/root/placeholder-ca/place.holder.key";
ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_dhparam /etc/ssl/certs/dhparam4096.pem;
listen IP-АДРЕС_СЕРВЕРА:443 ssl http2 default_server;
return 403;
}
If the certificate for the site was issued through the ispmanager panel, there is no need to make changes to the ssl_certificate
and ssl_certificate_key
directives.
For the return
directive, you can use any other error code if necessary.
Restart the web server if you made changes manually via the console:
systnemctl reload nginx
When using Apache
Change the site configuration file to look like this:
<VirtualHost SERVER IP-ADDRESS:80>
ServerName catchall
<Location />
Redirect 403 /
</Location>
</VirtualHost>
<VirtualHost SERVER IP-ADDRESS:443>
ServerName catchall
SSLEngine on
SSLCertificateFile "/root/placeholder-ca/place.holder.crt"
SSLCertificateKeyFile "/root/placeholder-ca/place.holder.key"
SSLHonorCipherOrder on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 +TLSv1.3
SSLCipherSuite EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4
<Location />
Redirect 403 /
</Location>
</VirtualHost>
If the certificate for the site was issued through the ispmanager panel, there is no need to make changes to the SSLCertificateFile
and SSLCertificateKeyFile
directives.
For the return
directive, you can use any other error code if necessary.
Restart the web server if you made changes manually via the console:
systnemctl reload apache2
Use the following command for RHEL-based operating systems:
systnemctl reload httpd