{"id":2065,"date":"2024-09-29T12:49:13","date_gmt":"2024-09-29T04:49:13","guid":{"rendered":"https:\/\/www.ruianding.com\/blog\/?p=2065"},"modified":"2024-09-29T13:31:22","modified_gmt":"2024-09-29T05:31:22","slug":"how-i-discovered-and-resolved-unintended-domain-traffic-with-apache","status":"publish","type":"post","link":"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/","title":{"rendered":"How I Discovered and Resolved Unintended Domain Traffic with Apache"},"content":{"rendered":"\n

Recently, I encountered an interesting situation while monitoring my website traffic. Through Matomo, I noticed that someone was visiting a domain I hadn\u2019t configured, www.tripwiki.cn<\/code>, yet these requests were hitting my server. This sparked my curiosity, as I do not own the tripwiki.cn<\/code> domain. So, why was this traffic ending up on my server?<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\n\n\n\n

Investigation<\/h2>\n\n\n\n

I first checked my Apache logs and, sure enough, all these requests from tripwiki.cn<\/code> were being directed to my server. After a bit of digging, I realized that although I had not explicitly configured a virtual host for tripwiki.cn<\/code>, its DNS record was pointing to my server\u2019s IP. Because I hadn\u2019t set up a fallback or default configuration for unknown domains, Apache was handling these requests as if they were legitimate.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\n\n\n\n

Root Cause<\/h2>\n\n\n\n

Initially, I had disabled the default virtual host in Apache (000-default.conf<\/code>) since I wasn\u2019t aware of how Apache\u2019s fallback mechanism worked. This meant that when Apache couldn\u2019t find a matching ServerName<\/code>, it would default to serving my primary website, effectively allowing any domain pointing to my IP to access the site.<\/p>\n\n\n\n

\n\n\n\n

The Solution<\/h2>\n\n\n\n

To prevent other unrelated domains from sending traffic to my server, I decided to re-enable the default virtual host and make a few key optimizations. Here’s how I solved the problem:<\/p>\n\n\n\n

1. Re-enable the Default Virtual Host<\/strong><\/h4>\n\n\n\n

I used the following command to bring back the default virtual host configuration in Apache:
<\/p>\n\n\n\n

   sudo a2ensite 000-default.conf<\/pre>\n\n\n\n
2. Modify the Default Virtual Host Configuration<\/strong><\/h4>\n\n\n\n
I updated the 000-default.conf<\/code> file to ensure that any requests for domains not explicitly configured would be rejected. The updated configuration looked like this:<\/p>\n\n\n\n
   <VirtualHost *:80>\n       ServerAdmin webmaster@localhost\n       ServerName unused.local\n       DocumentRoot \/var\/www\/html\n\n       ErrorLog ${APACHE_LOG_DIR}\/error.log\n       CustomLog ${APACHE_LOG_DIR}\/access.log combined\n\n       <Location \/>\n           Require all denied\n       <\/Location>\n   <\/VirtualHost><\/pre>\n\n\n\n
This setup ensures that any request that doesn\u2019t match my configured domains will receive a 403 Forbidden<\/code> or be outright denied.<\/p>\n\n\n\n
3. Configure My Domain-Specific Virtual Host<\/strong><\/h4>\n\n\n\n
I made sure that my own domain, www.ruianding.com<\/code>, was properly set up with its own virtual host, so only traffic for this domain would be served:<\/p>\n\n\n\n
   <VirtualHost *:80>\n       ServerAdmin webmaster@localhost\n       ServerName www.ruianding.com\n       ServerAlias ruianding.com\n       DocumentRoot \/var\/www\/ruianding\n\n       ErrorLog ${APACHE_LOG_DIR}\/ruianding_error.log\n       CustomLog ${APACHE_LOG_DIR}\/ruianding_access.log combined\n   <\/VirtualHost><\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
4. Restart Apache<\/strong><\/h4>\n\n\n\n
After updating the configurations, I reloaded Apache to apply the changes:
<\/p>\n\n\n\n
   sudo systemctl reload apache2<\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\n\n\n\n
Lessons Learned<\/h2>\n\n\n\n
From this experience, I learned a few valuable lessons:<\/p>\n\n\n\n
    \n
  • Apache\u2019s fallback mechanism is crucial. Even if you haven\u2019t configured a domain, if its DNS points to your server\u2019s IP, Apache can still serve it.<\/li>\n\n\n\n
  • To ensure the security and proper functioning of your server, always configure a default virtual host to deny or restrict access to unintended domains.<\/li>\n<\/ul>\n\n\n\n
    By making these changes, I ensured that only the domains I own would be served by my server, preventing any unrelated or unintended traffic from accessing my resources. I hope this blog post can help others who might run into a similar situation<\/p>\n\n\n\n
    <\/p>\n","protected":false},"excerpt":{"rendered":"
    Recently, I encountered an interesting situation while monitoring my website traffic. Through Matomo, I noticed that someone was visiting a domain I hadn\u2019t configured, www.tripwiki.cn, yet these requests were hitting my server. This sparked my curiosity, as I do not own the tripwiki.cn domain. So, why was this traffic ending up on my server? Investigation […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[10],"tags":[],"class_list":["post-2065","post","type-post","status-publish","format-standard","hentry","category-tutorial"],"yoast_head":"\nHow I Discovered and Resolved Unintended Domain Traffic with Apache - \u6781\u7b80IT\uff5cSimpleIT<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How I Discovered and Resolved Unintended Domain Traffic with Apache - \u6781\u7b80IT\uff5cSimpleIT\" \/>\n<meta property=\"og:description\" content=\"Recently, I encountered an interesting situation while monitoring my website traffic. Through Matomo, I noticed that someone was visiting a domain I hadn\u2019t configured, www.tripwiki.cn, yet these requests were hitting my server. This sparked my curiosity, as I do not own the tripwiki.cn domain. So, why was this traffic ending up on my server? Investigation […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/\" \/>\n<meta property=\"og:site_name\" content=\"\u6781\u7b80IT\uff5cSimpleIT\" \/>\n<meta property=\"article:published_time\" content=\"2024-09-29T04:49:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-29T05:31:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/09\/image-50.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1420\" \/>\n\t<meta property=\"og:image:height\" content=\"192\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Ruian Ding\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ruian Ding\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/\"},\"author\":{\"name\":\"Ruian Ding\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"headline\":\"How I Discovered and Resolved Unintended Domain Traffic with Apache\",\"datePublished\":\"2024-09-29T04:49:13+00:00\",\"dateModified\":\"2024-09-29T05:31:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/\"},\"wordCount\":441,\"publisher\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"image\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/09\/image-50.png\",\"articleSection\":[\"Tutorial\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/\",\"url\":\"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/\",\"name\":\"How I Discovered and Resolved Unintended Domain Traffic with Apache - \u6781\u7b80IT\uff5cSimpleIT\",\"isPartOf\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/09\/image-50.png\",\"datePublished\":\"2024-09-29T04:49:13+00:00\",\"dateModified\":\"2024-09-29T05:31:22+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/#primaryimage\",\"url\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/09\/image-50.png\",\"contentUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/09\/image-50.png\",\"width\":1420,\"height\":192},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.ruianding.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How I Discovered and Resolved Unintended Domain Traffic with Apache\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#website\",\"url\":\"https:\/\/www.ruianding.com\/blog\/\",\"name\":\"Ruian's Tech Troubleshooting Toolbox\",\"description\":\"Debug the World.\",\"publisher\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"alternateName\":\"\u4e01\u777f\u5b89\u7684\u6280\u672f\u5206\u4eab\u535a\u5ba2\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.ruianding.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\",\"name\":\"Ruian Ding\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png\",\"contentUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png\",\"width\":284,\"height\":284,\"caption\":\"Ruian Ding\"},\"logo\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/\"},\"description\":\"I am currently a Support Specialist at NIO, focusing on cloud-related issues for NIO Power. Previously, at Microsoft Entra ID, I specialized in identity and access management (IAM), including device registration, Windows Hello for Business (WHfB), multi-factor authentication (MFA), and single sign-on (SSO). In addition to my core expertise, I have a strong foundation in Active Directory, Servers, Cloud Computing, Network Administration, and Front-end Web Development. This diverse technical skill set enables me to effectively handle a wide range of challenges in a fast-paced IT environment.\",\"sameAs\":[\"https:\/\/www.ruianding.com\"],\"url\":\"https:\/\/www.ruianding.com\/blog\/author\/ruiand\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How I Discovered and Resolved Unintended Domain Traffic with Apache - \u6781\u7b80IT\uff5cSimpleIT","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/","og_locale":"en_US","og_type":"article","og_title":"How I Discovered and Resolved Unintended Domain Traffic with Apache - \u6781\u7b80IT\uff5cSimpleIT","og_description":"Recently, I encountered an interesting situation while monitoring my website traffic. Through Matomo, I noticed that someone was visiting a domain I hadn\u2019t configured, www.tripwiki.cn, yet these requests were hitting my server. This sparked my curiosity, as I do not own the tripwiki.cn domain. So, why was this traffic ending up on my server? Investigation […]","og_url":"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/","og_site_name":"\u6781\u7b80IT\uff5cSimpleIT","article_published_time":"2024-09-29T04:49:13+00:00","article_modified_time":"2024-09-29T05:31:22+00:00","og_image":[{"width":1420,"height":192,"url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/09\/image-50.png","type":"image\/png"}],"author":"Ruian Ding","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ruian Ding","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/#article","isPartOf":{"@id":"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/"},"author":{"name":"Ruian Ding","@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"headline":"How I Discovered and Resolved Unintended Domain Traffic with Apache","datePublished":"2024-09-29T04:49:13+00:00","dateModified":"2024-09-29T05:31:22+00:00","mainEntityOfPage":{"@id":"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/"},"wordCount":441,"publisher":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"image":{"@id":"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/09\/image-50.png","articleSection":["Tutorial"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/","url":"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/","name":"How I Discovered and Resolved Unintended Domain Traffic with Apache - \u6781\u7b80IT\uff5cSimpleIT","isPartOf":{"@id":"https:\/\/www.ruianding.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/#primaryimage"},"image":{"@id":"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/09\/image-50.png","datePublished":"2024-09-29T04:49:13+00:00","dateModified":"2024-09-29T05:31:22+00:00","breadcrumb":{"@id":"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/#primaryimage","url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/09\/image-50.png","contentUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2024\/09\/image-50.png","width":1420,"height":192},{"@type":"BreadcrumbList","@id":"https:\/\/www.ruianding.com\/blog\/how-i-discovered-and-resolved-unintended-domain-traffic-with-apache\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.ruianding.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How I Discovered and Resolved Unintended Domain Traffic with Apache"}]},{"@type":"WebSite","@id":"https:\/\/www.ruianding.com\/blog\/#website","url":"https:\/\/www.ruianding.com\/blog\/","name":"Ruian's Tech Troubleshooting Toolbox","description":"Debug the World.","publisher":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"alternateName":"\u4e01\u777f\u5b89\u7684\u6280\u672f\u5206\u4eab\u535a\u5ba2","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.ruianding.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b","name":"Ruian Ding","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png","contentUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png","width":284,"height":284,"caption":"Ruian Ding"},"logo":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/"},"description":"I am currently a Support Specialist at NIO, focusing on cloud-related issues for NIO Power. Previously, at Microsoft Entra ID, I specialized in identity and access management (IAM), including device registration, Windows Hello for Business (WHfB), multi-factor authentication (MFA), and single sign-on (SSO). In addition to my core expertise, I have a strong foundation in Active Directory, Servers, Cloud Computing, Network Administration, and Front-end Web Development. This diverse technical skill set enables me to effectively handle a wide range of challenges in a fast-paced IT environment.","sameAs":["https:\/\/www.ruianding.com"],"url":"https:\/\/www.ruianding.com\/blog\/author\/ruiand\/"}]}},"_links":{"self":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/2065","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/comments?post=2065"}],"version-history":[{"count":5,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/2065\/revisions"}],"predecessor-version":[{"id":2080,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/2065\/revisions\/2080"}],"wp:attachment":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/media?parent=2065"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/categories?post=2065"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/tags?post=2065"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}