I have a few web sites running on the same IP in my droplet and just noticed that if I access droplet's IP in the browser, it loads the default Apache page for Ubuntu 14.04.
Is there a way to turn prevent this default Apache page from loading?
Disable the default apache site using this command:
a2dissite 000-default.conf
Hope this helps.
@Mohsen47, thanks. I was aware of that, but disabling the default virtual host simply brings up the next enabled virtual host in the alphabetical order if you put the droplet's IP in the browser.
For example, I have a virtual host called dev.example.com on my Droplet and when I type in the droplet IP after disabling the default vhost, it automatically redirects to dev.example.com
I don't want that. Instead, I would prefer to display a 403 error page or something similar.
In this case renable the default vhost and add this to its config file:
Redirect 403 /
ErrorDocument 403 "Not allowed"
Hope this helps.
@Mohsen47, it does, thank you. :-) I changed the text string to 'Forbidden'.
The reason I undertook this exercise was to try and minimize exposure of the web server details. I had already set ServerTokens in /etc/apache2/conf-enabled/security.conf to minimal, but it's fairly trivial to look up the IP of a domain and then load it to bring up the default Ubuntu apache page. Not that it's a great protection for the server or any such thing, but every little bit helps.
Hmm...I think this approach has some problems. After I put in the redirect, the phpmyadmin login page stopped working, so I had to remove the directive.
Hi @cloudnine
I found it if you are using apache version 2.4 you can do the following:
<If "%{REQUEST_URI} == '/'">
Redirect 403 /
ErrorDocument 403 "Not allowed"
</If>
Hope this helps, let me know please.
@Mohsen47, thanks for the updated code. I can't afford to try it on the production server, though. May be I will try it on a test server. Thanks for your efforts to help.