How to block proxy servers apache vhosts

Help
1

Recently I started receiving unwanted visits on my site, through analysis it concludes that most would be proxy servers, I searched for a solution by virtual hosts, however http works perfectly, and https does not work. I will post my 2 virtual hosts files and hope they help me, thank you.

Port 80 without redirecting to https working perfectly.
<VirtualHost *:80>
ServerName my.server.com
DocumentRoot /var/www/html
DirectoryIndex index.htm index.php index.html

ErrorLog /var/log/apache2/scd-error.log
CustomLog /var/log/apache2/scd-access.log combined


<Directory "/var/www/html">
  Options FollowSymLinks
  AllowOverride AuthConfig
  order allow,deny
  Allow from all
</Directory>

RewriteEngine on
RewriteCond %{HTTP:VIA} !^ [OR] RewriteCond %{VIA} !^ [OR]
RewriteCond %{Proxy-Connection} !^ [OR] RewriteCond %{HTTP:X_FORWARDED_FOR} !^ [OR]
RewriteCond %{HTTP:FORWARDED_FOR} !^ [OR] RewriteCond %{HTTP:X_FORWARDED} !^ [OR]
RewriteCond %{HTTP:FORWARDED} !^ [OR] RewriteCond %{HTTP:HTTP_CLIENT_IP} !^ [OR]
RewriteCond %{HTTP:FORWARDED_FOR_IP} !^ [OR] RewriteCond %{X-PROXY-ID} !^ [OR]
RewriteCond %{MT-PROXY-ID} !^ [OR] RewriteCond %{X-TINYPROXY} !^ [OR]
RewriteCond %{X_FORWARDED_FOR} !^ [OR] RewriteCond %{FORWARDED_FOR} !^ [OR]
RewriteCond %{X_FORWARDED} !^ [OR] RewriteCond %{FORWARDED} !^ [OR]
RewriteCond %{CLIENT-IP} !^ [OR] RewriteCond %{CLIENT_IP} !^ [OR]
RewriteCond %{PROXY-AGENT} !^ [OR] RewriteCond %{HTTP:X_CLUSTER_CLIENT_IP} !^ [OR]
RewriteCond %{PROXY-AGENT} !^ [OR] RewriteCond %{FORWARDED_FOR_IP} !^ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^ [OR] RewriteCond %{HTTP:PROXY_CONNECTION} !^ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^ [OR] RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^
RewriteRule ^(.*)$ https://www.fake.com/$1 [L,R=301]

Port 443 rewrite does not work

<VirtualHost *:443>
ServerName my.server.com
DocumentRoot /var/www/html
DirectoryIndex index.htm index.php index.html

ErrorLog /var/log/apache2/novo-error.log
CustomLog /var/log/apache2/novo-access.log combined

<Directory “/var/www/html”>
Options FollowSymLinks
AllowOverride AuthConfig
order allow,deny
Allow from all

RewriteEngine on
RewriteCond %{HTTP:VIA} !^ [OR] RewriteCond %{VIA} !^ [OR]
RewriteCond %{Proxy-Connection} !^ [OR] RewriteCond %{HTTP:X_FORWARDED_FOR} !^ [OR]
RewriteCond %{HTTP:FORWARDED_FOR} !^ [OR] RewriteCond %{HTTP:X_FORWARDED} !^ [OR]
RewriteCond %{HTTP:FORWARDED} !^ [OR] RewriteCond %{HTTP:HTTP_CLIENT_IP} !^ [OR]
RewriteCond %{HTTP:FORWARDED_FOR_IP} !^ [OR] RewriteCond %{X-PROXY-ID} !^ [OR]
RewriteCond %{MT-PROXY-ID} !^ [OR] RewriteCond %{X-TINYPROXY} !^ [OR]
RewriteCond %{X_FORWARDED_FOR} !^ [OR] RewriteCond %{FORWARDED_FOR} !^ [OR]
RewriteCond %{X_FORWARDED} !^ [OR] RewriteCond %{FORWARDED} !^ [OR]
RewriteCond %{CLIENT-IP} !^ [OR] RewriteCond %{CLIENT_IP} !^ [OR]
RewriteCond %{PROXY-AGENT} !^ [OR] RewriteCond %{HTTP:X_CLUSTER_CLIENT_IP} !^ [OR]
RewriteCond %{PROXY-AGENT} !^ [OR] RewriteCond %{FORWARDED_FOR_IP} !^ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^ [OR] RewriteCond %{HTTP:PROXY_CONNECTION} !^ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^ [OR] RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^
RewriteRule ^(.*)$ https://www.fake.com/$1 [L,R=301]

SSLCertificateFile /etc/letsencrypt/live/my.server.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my.server.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

2

Hi @ygorick

I don’t see a certificate problem.

Please answer the following questions. That’s the standard template from #help

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

3

My domain is: coopappc.com
My web server is (include version): Server version: Apache/2.4.10 (Debian)
The operating system my web server runs on is (include version):“Debian GNU/Linux 8 (jessie)”
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):No

4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.