Apache virtual host accessed as other domain - how to stop it?


I have a few virtual hosts on my server (say \*.mydomain.com), but I get lots of "spam/hack requests" for some totally different domain, like xchecker.net

    91.122.59.90 - - [2019-09-06 18:09:35] "POST http://fdc.xchecker.net/proxy2017/http/engine16.php HTTP/1.0" 403 302 #  "http://fdc.xchecker.net/proxy2017/http/engine16.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0"

while my domain is nothing like *.*.net - those requests fail because they ask for non-existent files,

    [Fri Sep 06 18:14:50.416879 2019] [authz_core:error] [pid 226975] [client 5.136.243.174:56314] AH01630: client denied by server configuration: /usr/htdocs, referer: RefererString

but I would like to reject them even earlier, as they ask for a domain I do not even have.

I tried something like

    RewriteEngine on
    RewriteCond %{THE_REQUEST} .*http.* [NC]
    RewriteCond %{THE_REQUEST} !.*mydomain.com.* [NC]
    RewriteRule ^.* - [G,L]

but it did not work at all

How should I reject such requests just based on bad domain access?

Best answer

The main problem was that I had each virtual host in a different file, and the common file allowed setting things like

    LogFormat "%>s # %h %l %u %{[%F %T]}t \"%r\" %>s %b #  \"%{Referer}i\" \"%{User-agent}i\"" common

but did not enable setting (additional) Rewrite Engine configuration.

So I included these lines in each virtual host file:

    RewriteEngine on
    Include /etc/apache2/vhosts.d/x-my-rules

(maybe followed by more rules like this, for a site I want to make mostly private)

    RewriteCond %{HTTP_REFERER} .*(google).* [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} .*(bot|spider|Ankit|Bing).* [NC]
    RewriteRule ^.* - [G,L]

and created a common include file x-my-rules

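    #  LogLevel warn rewrite:trace6
    # Request line carries an http(s): URL that does not name mydomain.com
    RewriteCond %{THE_REQUEST} .*http(s)?:.* [NC]
    RewriteCond %{THE_REQUEST} !.*mydomain\.com.* [NC]
    RewriteRule .* - [G,L]
    # Request line contains none of GET, POST, HEAD (for example CONNECT)
    RewriteCond %{THE_REQUEST} !(GET\ |POST\ |HEAD\ ).* [NC]
    RewriteRule .* - [G,L]
    # Request line contains "./" (covers ../ sequences)
    RewriteCond %{THE_REQUEST} .*\./.* [NC]
    RewriteRule .* - [G,L]
    # Unwanted Referer or unwanted User-Agent
    RewriteCond %{HTTP_REFERER} .*(xchecker\.net|blabol).* [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (Ankit|Bing) [NC]
    RewriteRule .* - [G,L]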

(Which is not perfect, but works for me to fight the following:

  • http://fdc.xchecker.net/proxy201.. totally different site
  • CONNECT some/service which I do not even host
  • GET ../../mnt/Datafile try to get files out of structure
  • traffic from xchecker.net to nonexistent files
  • I do not like Bing and there were many attacks by Ankit bot

and I will later go through the logs again and add more rules for other attempts to misuse my site)
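
Added example (not part of the original answer): a Python re-implementation of the four rule groups in x-my-rules, so the rules can be dry-run against access-log lines before they are deployed. The function names and the sample log lines are constructed for illustration; `mydomain.com` is the page's placeholder.

```python
import re

OWN_DOMAIN = "mydomain.com"  # placeholder domain, as on the page

def classify(request, referer="", agent="", own=OWN_DOMAIN):
    """Name the first x-my-rules group that would answer 410 Gone, else None.

    `request` plays the role of %{THE_REQUEST}; all matches ignore case ([NC]).
    """
    # Group 1: request line carries an http(s): URL that does not name our domain.
    if re.search(r"https?:", request, re.I) and not re.search(re.escape(own), request, re.I):
        return "foreign-url"
    # Group 2: request line contains none of "GET ", "POST ", "HEAD ".
    if not re.search(r"GET |POST |HEAD ", request, re.I):
        return "method"
    # Group 3: "./" anywhere in the request line (covers ../ sequences).
    if "./" in request:
        return "dot-slash"
    # Group 4: unwanted Referer OR unwanted User-Agent.
    if re.search(r"xchecker\.net|blabol", referer, re.I) or re.search(r"Ankit|Bing", agent, re.I):
        return "referer-or-agent"
    return None

def triage(lines):
    """Return (verdict, request) per log line; fields are the quoted strings."""
    out = []
    for line in lines:
        fields = re.findall(r'"([^"]*)"', line)  # request, referer, user-agent
        verdict = classify(*fields[:3]) if len(fields) >= 3 else "unparsed"
        out.append((verdict, fields[0] if fields else line))
    return out

# Constructed sample lines in the layout of the log excerpt in the question.
SAMPLE = [
    '203.0.113.7 - - [2019-09-06 18:09:35] "POST http://fdc.xchecker.net/proxy2017/http/engine16.php HTTP/1.0" 403 302 #  "-" "Mozilla/5.0"',
    '198.51.100.4 - - [2019-09-06 18:10:02] "CONNECT example.org:443 HTTP/1.1" 403 0 #  "-" "-"',
    '198.51.100.9 - - [2019-09-06 18:11:40] "GET ../../mnt/Datafile HTTP/1.0" 403 302 #  "-" "-"',
    '192.0.2.15 - - [2019-09-06 18:12:05] "GET /index.html HTTP/1.1" 200 512 #  "-" "Mozilla/5.0 (compatible; bingbot/2.0)"',
    '192.0.2.20 - - [2019-09-06 18:13:11] "GET /go?to=http://example.org/ HTTP/1.1" 200 120 #  "-" "Mozilla/5.0"',
    '192.0.2.21 - - [2019-09-06 18:13:30] "GET /index.html HTTP/1.1" 200 512 #  "-" "Mozilla/5.0 Firefox/16.0"',
]

if __name__ == "__main__":
    for verdict, request in triage(SAMPLE):
        print(f"{verdict or 'pass':17} {request}")
```

The fifth sample line is an ordinary same-site request that the first rule group still rejects, because the `http:` test looks at the whole request line including the query string.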