IP address pointing to Apache default index.html.

My Linode IP address points to the default Apache index.html file (/var/www/index.html). How can I make it not do this? Is there a more secure way of going about this so that my IP address doesn't point to anything?

Also, I'm hosting my website in /srv/www. But I've noticed other computers that have hosted theirs in /var/www. Which is preferred? Does it matter?

1 Reply

What do you want "nothing" to be? To access a web page, a client makes a TCP connection to your IP address and makes an HTTP request, which includes a header like "Host: www.example.com" to tell the server which website it wants*. You can't make the web server reject the connection when someone goes to http://192.0.2.4/, since it accepts the connection before it even finds out if they wanted http://192.0.2.4/ or http://www.example.com/ or whatever else.

It's technically feasible to make the server drop the connection as soon as it sees an unwanted Host header, though I don't know if Apache has a feature for it, or how easy it is to use. I wouldn't do it, though. It doesn't achieve anything except being confusing (and saving you a trivial amount of CPU).

The only other option is some sort of HTTP response, and Apache's default index.html seems like as good a response as any.

Although, now that I think of it, an HTTP redirect to your primary website might be nice too.

What security issue do you think this addresses, anyway? If you want to hide what web server you're using, well, more than 50% of web servers are Apache, so hiding that is pretty pointless. You can try to disguise the version by using some page other than the default index.html – say, a simple "Hello World", or the index.html from 10 years ago -- but that's probably unnecessary, and it's probably possible to identify the server in some other way anyway.

* Older clients might not include any Host header, in which case they'll always get the default website (i.e., no support for virtual hosting). Bothering to support them these days isn't worth it, though.**

** This is a technical quibble, but I believe HTTP/1.1 also supports a slightly different mechanism of specifying the host -- using "GET http://www.example.com/foo.php HTTP/1.1" instead of the pair of headers "GET /foo.php HTTP/1.1" and "Host: www.example.com". But since they're completely equivalent, that's neither here nor there, and phrasing it as "Host header" was easier.

@groffcole:

Also, I'm hosting my website in /srv/www. But I've noticed other computers that have hosted theirs in /var/www. Which is preferred? Does it matter?

I'd go with whatever your distro/web server picked by default. It doesn't matter, so I'd rather not risk angering some weird piece of software that cares for some stupid reason.
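
An added example, not part of the reply above: one way to control what a request to the bare IP address receives is a catch-all virtual host, here redirecting to the primary site as the reply suggests. It assumes Apache 2.4 syntax and name-based virtual hosts on port 80; `catchall.invalid` and `www.example.com` are placeholders, and `/srv/www` is the path from the question.

```apache
# Catch-all virtual host. Apache picks the FIRST <VirtualHost> defined for an
# address:port when the request's Host matches no ServerName/ServerAlias, so
# this block must be loaded before the others (on Debian-style layouts the
# files in sites-enabled/ are read in alphabetical order).
# It handles http://<ip-address>/, unknown host names, and clients that send
# no Host header at all.
<VirtualHost *:80>
    # Placeholder name that no real client will ever ask for.
    ServerName catchall.invalid

    # Send everything to the primary site.
    Redirect permanent / http://www.example.com/

    # Alternative: answer 403 instead of redirecting. Remove the Redirect
    # line above and uncomment these three lines.
    # <Location "/">
    #     Require all denied
    # </Location>
</VirtualHost>

# The real site, served only when the Host header (or an absolute request
# URI) names it.
<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /srv/www

    # A document root outside the distribution's default location needs its
    # own access grant if the main configuration denies the filesystem by
    # default.
    <Directory /srv/www>
        Require all granted
    </Directory>
</VirtualHost>
```

After reloading Apache, `curl -I http://192.0.2.4/` (the reply's example address) should show the redirect, while `curl -I -H "Host: www.example.com" http://192.0.2.4/` should show the real site's response.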
