Someone pointed their domain to my ip address (connected via Cloudflare). I created a new default server with an answer “Unauthorized”. I could also forward to another site like Google, but I do not want my server to entertain these people, not even with a redirect. I created a FirewallID Zone with all ports closed but i do not know know to attach this zone to the Default virtual server in virtualmin.
Just for information. I applied the solution given below but I want to firewall. Any ideas? or the solution below is the most efficient for these cases?
You can’t apply a layer 4 tool to a layer 7 decision.
A firewall, at least an L4 firewall like FirewallD (and most Linux firewall implementations, though this is kind of a fuzzy area), can’t operate on the hostname in a web request. It simply does not have access to that information.
And, the only way to give it access to that information reliably is to implement a web server in the firewall. But, you already have a web server. So…it’d be silly to put a web server in the kernel firewall, when you can already answer (or whatever) requests to a given name with your web server.
The answer given in that thread is not merely the most efficient solution, it’s kind of the only solution. You could, if you were really worried about it, implement a fail2ban rule to block the client IPs of all clients that make requests for that domain. That’s not the same as a firewall that understand the host header in an HTTP request…you’re giving it an IP to block, which is a layer 4 decision.