You should use Protected Hostnames, to prevent Access to your Webserver if the hostname is incorrect, or someone is using only the IP Address.
First configure the Protected Hostnames to deny per default and allow the Hostnames you’re Hosting on your Webserver.
config server-policy allow-hosts
edit "www.c3it.net"
set default-action deny
config host-list
edit 1
set host www.c3it.net
next
end
next
end
Then you’ll have to add the Protected Hostnames to the Server Policy
If you’re using Content Routing (what i prefer if there is more than one Service to protect and if there are different Servers in the Backend)
Then you’ll have to add all the Protected Hostnames you’re using.
