Redirecting all http traffic of mail. subdomain

SYSTEM INFORMATION
OS type and version: Debian Linux 12
Webmin version: 2.111
Usermin version: 2.010
Virtualmin version: 7.10.0
Theme version: 21.10
Package updates: All installed packages are up to date

Hello,

I am using CloudFlare in front of all the virtual hosts. Only for the mail.domain subdomains I can’t use the proxy to filter the traffic, and my websites receive a lot of spam traffic through the mail. subdomains. Is there a way that I can configure Apache to globally redirect or block any traffic with the mail. subdomain? Or do I need to implement it server by server?

I will appreciate any lead on this… Thanks

I don’t quite understand the question, but I guess you have created a subdomain called mail using Virtualmin? If so, what is it used for? What sort of spam traffic are you getting, and how have you found this out?

I have mail.domain.com which is used for receiving mail. That works all well.

My websites receive traffic from bots hitting https://mail.domain.com/install.php, style.php etc., all these URLs that bots try for finding vulnerabilities. I can see them with WordFence. CloudFlare and CloudFlare rules block almost all of them for https://domain.com but not for https://mail.domain.com, because I cannot activate the proxy for mail. in order to keep the mail server working.

The main question is: can I define a general rule in Apache to redirect any http(s) traffic that comes through mail.domain.com? Or do I need to do that virtual server by virtual server?

Why have you got a mail.domain.com virtual server? You don’t need it at all (this assumes you are not trying to host a site there). You could just remove the mail.domain.com virtual server. On a normal installation of Virtualmin, mail is handled without the need of that subdomain.


Thank you so much, you guided me in the right direction. I don’t remember how the ServerAlias mail.domain.com ended up in my Apache config files. Removing it did the job. Thanks again.

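As an added example (not code from this thread or from Virtualmin), here is a POSIX shell audit for the situation in the previous replies: it lists every ServerAlias token of the form mail.<domain> across a directory of Apache vhost files and strips those tokens, which is the change the poster above made by hand. The vhost files it writes are constructed samples, the function names are my own, and the directory layout (one `*.conf` per site) is an assumption; on a real Debian box you would point it at `/etc/apache2/sites-enabled` or Virtualmin's per-domain files.

```shell
#!/bin/sh
# Added example, not from the thread or Virtualmin: find and remove
# "mail.<domain>" ServerAlias entries in Apache vhost files so that HTTP(S)
# requests for mail.domain.com stop matching the site's vhost and fall
# through to Apache's default (first-defined) vhost instead.
# The vhost files below are constructed samples; paths are assumptions.
set -eu

# Write two constructed vhost files into a scratch directory; print its path.
make_sample_vhosts() {
    dir=$(mktemp -d)
    cat > "$dir/example.com.conf" <<'EOF'
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com mail.example.com
    DocumentRoot /home/example/public_html
</VirtualHost>
EOF
    cat > "$dir/other.net.conf" <<'EOF'
<VirtualHost *:80>
    ServerName other.net
    ServerAlias www.other.net
    ServerAlias Mail.other.net
    DocumentRoot /home/other/public_html
</VirtualHost>
EOF
    printf '%s\n' "$dir"
}

# Print "file: alias" for every ServerAlias token that starts with "mail."
# (case-insensitive) across all *.conf files in DIR. A ServerAlias line may
# carry several names, so each token is checked separately.
find_mail_aliases() {
    dir=$1
    for f in "$dir"/*.conf; do
        [ -e "$f" ] || continue
        awk -v file="$(basename "$f")" '
            tolower($1) == "serveralias" {
                for (i = 2; i <= NF; i++)
                    if (tolower($i) ~ /^mail\./) print file ": " $i
            }' "$f"
    done
}

# Rewrite FILE in place: drop mail.* tokens from ServerAlias lines and remove
# a ServerAlias line entirely when no aliases remain on it. Other directives
# and the original indentation are preserved.
strip_mail_aliases() {
    f=$1
    tmp=$(mktemp)
    awk '
        tolower($1) == "serveralias" {
            indent = substr($0, 1, match($0, /[^ \t]/) - 1)
            out = ""
            for (i = 2; i <= NF; i++)
                if (tolower($i) !~ /^mail\./) out = out " " $i
            if (out != "") print indent $1 out
            next
        }
        { print }' "$f" > "$tmp"
    cat "$tmp" > "$f"   # overwrite contents; keeps the file's owner and mode
    rm -f "$tmp"
}

# Strip every *.conf in DIR, then print how many mail.* aliases remain
# (0 means the directory is clean).
harden_dir() {
    dir=$1
    for f in "$dir"/*.conf; do
        [ -e "$f" ] || continue
        strip_mail_aliases "$f"
    done
    find_mail_aliases "$dir" | wc -l | tr -d ' '
}

# Stand-alone run against the constructed samples: report, strip, re-check.
SAMPLE_DIR=$(make_sample_vhosts)
echo "Before:"
find_mail_aliases "$SAMPLE_DIR"
echo "Remaining after strip: $(harden_dir "$SAMPLE_DIR")"
cat "$SAMPLE_DIR"/*.conf
rm -rf "$SAMPLE_DIR"
```

After changing real vhost files, run `apachectl configtest` and then reload Apache; the requests that used to hit the site now go to whichever vhost Apache loads first, so make sure that default vhost serves nothing you would not want exposed (the later replies in this thread use a bare, password-protected default site for exactly this reason). If Virtualmin manages the files, make the same change in the virtual server's settings as well, or a later regeneration of the config can put the alias back.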

I don’t know if it really reduces the attack surface, since the space was unused, but it helps clean up the logs for when you have to look at them.

It seems to be one of those ‘default’ creations. I’m not sure if programs like roundcube use it or not.

Now they all land on the default website, as if the IP address were used, and the default website is simply an Apache password-protected folder with no user attached. I think that reduces the attack surface, as no PHP can be executed and nothing can be traced. And yes, the logs are cleaner.
