I have a purely personal website (Apache2 on Ubuntu), and to prvent outsiders from knowing there is a valid HTTP server at the specified domain, it uses with cryptic URLs. For example,
will, by design, return HTTP 404 error. But
http://somesite.com/RJv968sr0S860Iq1VfW2P28dqgCTqNUOm51AMuQL
might do something useful. I'm sure it is not a full proof method to deter interlopers, bots and hackers, but its there nevertheless.
Now, in addition to obscuring the URLs, I also use HTTPS for further protection, for which I have Apache rewrite HTTP requests to HTTPS.
RewriteEngine ON
RewriteCond %{REMOTE_ADDR} !192\.168\.
RewriteCond %{REMOTE_ADDR} !127\.0\.0\.1
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI}
And it works exactly as expected.
Unfortunately, it is not terribly sophisticated, and it also rewrites invalid URL requests. For example, the invalid URL http://somesite.com will get rewritten to the equally invalid URL https://somesite.com. But, this kind of rewrite would tip off someone that there is, indeed, some kind of HTTP server attached to the domain name.
I would like to fix my rewrite rules so that Apache will NOT rewrite any invalid URLs. Is this possible? If not with Apache, what about nginx or lighttpd? And if so, how do I make it happen?