Redirecting all http traffic of mail. subdomain

OS type and version Debian Linux 12
Webmin version 2.111
Usermin version 2.010
Virtualmin version 7.10.0
Theme version 21.10
Package updates All installed packages are up to date


I am using CloudFlare in front of all the virtual hosts. Only for the mail.domain subdomains I can’t use the proxy to filter the traffic, and my websites receive a lot of spam traffic through the mail. subdomains. Is there a way that I cna configure Apache to globally redirect or block any traffic with mail. subdomain? Or do I need to implement it server by server?

I will appreciate any lead on this… Thanks

I don’t quite understand the question, but I guess you have created a subdomain called mail using virtualmin ? If so what is it used for ? what sort of spam traffic are you getting and how have you found this out ?

I have which is used for receiving mail. That works all well.

My websites receive traffic from bots hitting / style.php etc… all these URLs that bots try for finding vulnerabilities. I can see them with WordFence. CloudFlare and CloudFlare rules blocks almost all of them for but not for because I can not activate the proxy for mail. in order to keem the mail server working.

The main question is, can I define a general rule in Apache to redirect any http(s) traffic that comes through Or do I need to do that virtual server by virtual server.

Why have you got a virtual server … you don’t need it at all this assumes you are not trying to host a site there. You could just remove the virtual server. On a normal installation of virtualmin mail is handled with out the need of that subdomain

1 Like

Thank you so much, you guided me to the right direction. I don’t remember how the serverAlias ended up in my apache config files. Removing it did the job. Thanks again

1 Like

I don’t know if it really reduces the attack surface since the space was unused, but it helps clean up the logs for when you have to look at them. :slight_smile:

It seems to be one of those ‘default’ creations. I’m not sure if programs like roundcube use it or not.

Now they all land on the default website, as if the IP address is used, and the default website is simply an Apache password protected folder with no user attached. I think that reduces the attack surface, as no php can be executed or nothing can be traced. And yes, the logs are cleaner.

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.