sKunKbad Posted June 24, 2015 (edited)

I've recently started noticing that I am getting requests where the HTTP_HOST is being spoofed. I don't know how they are doing it, but the server sends me an error message, and it's kind of annoying. What I'd like to know is if something like this in .htaccess will have any negative side-effects:

    RewriteCond %{HTTP_HOST} !^example\.com$ [NC]
    RewriteRule .* - [F]

I've tested this on my dev machine, and it seems fine. Anything that I should be concerned about? Would it be effective?

requinix Posted June 24, 2015

Yes, that will be effective. Is the host a full URL like "http://forums.phpfreaks.com/topic/297006-block-http-host-spoofing/"? They're checking if your server can act as an anonymous proxy.

sKunKbad Posted June 24, 2015

No, it wasn't a full URL, but the request has always been to a page that doesn't exist. For instance, the site is not a WordPress site, but one of the requests was pointed at /wp-config.php.

requinix Posted June 25, 2015

Oh. Then they're probing for vulnerabilities. Outdated WordPress installations, an accessible phpMyAdmin, etc. Every server on the internet gets probed like that.

sKunKbad Posted June 25, 2015

> Oh. Then they're probing for vulnerabilities. Outdated WordPress installations, an accessible phpMyAdmin, etc. Every server on the internet gets probed like that.

I understand the probing, and have seen that before, but why change the HTTP host too?

requinix Posted June 25, 2015 (Solution)

It's a good way of getting the default virtualhost, which could have assorted tools (like phpMyAdmin) installed.
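
Added example, not part of the thread: a simplified Python model of the two behaviours discussed above, the posted `RewriteCond` check and the fall-through to the default virtual host, showing which Host values the rule rejects and when it never runs. The vhost names, their order and the Host values are constructed assumptions, and the selection logic is a simplification of Apache's name-based matching (exact names only, no wildcards).

```python
import re

# The thread's rule: RewriteCond %{HTTP_HOST} !^example\.com$ [NC] + RewriteRule .* - [F]
ALLOWED_HOST = re.compile(r"^example\.com$", re.IGNORECASE)

# Constructed layout (hypothetical names). Order matters: the first vhost is the default.
# "host_check" marks the vhost whose .htaccess carries the thread's rule.
VHOSTS = [
    {"name": "tools", "names": {"tools.example.net"}, "host_check": False},
    {"name": "site", "names": {"example.com", "www.example.com"}, "host_check": True},
]


def select_vhost(host_header, vhosts):
    """Simplified name-based selection: exact name match, else the first vhost."""
    # Selection uses the hostname only, so a trailing :port is dropped here.
    hostname = re.sub(r":\d+$", "", host_header).lower()
    for vhost in vhosts:
        if hostname in vhost["names"]:
            return vhost
    return vhosts[0]


def handle(host_header, vhosts=VHOSTS):
    """Return (vhost name, status) for a request carrying this Host header."""
    vhost = select_vhost(host_header, vhosts)
    # The rewrite condition sees the raw header, including any port.
    if vhost["host_check"] and not ALLOWED_HOST.search(host_header):
        return vhost["name"], 403
    return vhost["name"], 200


if __name__ == "__main__":
    # Constructed Host values, not taken from the thread.
    for host in ["example.com", "EXAMPLE.com", "www.example.com",
                 "example.com:80", "203.0.113.10", ""]:
        print(f"{host!r:20} tools-first={handle(host)} "
              f"site-first={handle(host, VHOSTS[::-1])}")
```

With the tools vhost listed first, unknown Host values never reach the site's .htaccess rule; with the site listed first they do, and the rule also rejects `www.example.com` and `example.com:80` unless the pattern is widened.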