wrong site displayed--seemingly randomly

Nick Pearson nick.pearson at gmail.com
Fri Mar 13 23:09:34 MSK 2009

It might help to set up a default "catch all" server.  There's more info on
it here: http://wiki.nginx.org/NginxHttpCoreModule#server_name and it's done
differently depending on your version of nginx.

You can set up your default server to point to one of your sites, or you can
use it to show a 404 for invalid domains.

I have a CMS that hosts multiple, unrelated sites, and after looking through
my logs recently, I was finding that one of the sites (the one nginx
determined as the "default") was receiving all sorts of garbage traffic from
bots, script kiddies, and the like.  Some of the requests were from old
domains that were pointed at an IP I had recently acquired, some were
targeted at the IP address itself with no Host header, and the majority were
penetration testing (like http://some-made-up-domain.com/*).

Since I didn't want to send all this traffic to my CMS backend, I wanted to
have nginx filter it upfront.  As such, I now have the following as my
"default" server:

server {
  listen       80 default;
  server_name  _;

  root         /var/www/default;
  log_format   nosy  '$remote_addr - $remote_user [$time_local] '
                     '"$request" ["$scheme://$host$request_uri"] $status
$body_bytes_sent '
                     '"$http_referer" "$http_user_agent"';
  access_log   /var/log/nginx/default.access.log nosy;
  error_log    /var/log/nginx/default.error.log;

  location / {
    return 404;

The lot_format is of course optional, but I wanted to add it since the
default log format doesn't include $host (just $request_uri).  Also, I
wanted to monitor for traffic from old domains that are still pointed at my
IP address.  If you don't care about this, you can just use "access_log
off;".  It may be worth noting that since I set this up about a month ago,
the default.error.log file is still empty.

Since the traffic is garbage, I don't care what the 404 page looks like, so
the default one that nginx serves up is fine with me.

On Fri, Mar 13, 2009 at 2:47 PM, Chris Cortese <cortese.consulting at gmail.com
> wrote:

> I just figured out the problem.
> I did not include the "www" version of my domains in the .conf in some
> cases.  I have fixed it.
> Still, I don't understand why the behavior should be defaulting to whatever
> site I happened to configure first.
> Jim Ohlstein wrote:
>> This happened with me a short time ago on a new server.
>> If your site config files include:
>> listen domain.tld;
>> try changing them to:
>> listen 80;
>> or
>> listen *:80;
>> or
>> listen xx.xx.xx.xx:80;
>> Jim
>> ------Original Message------
>> From: Chris Cortese
>> Sender: owner-nginx at sysoev.ru
>> To: nginx
>> ReplyTo: nginx at sysoev.ru
>> Subject: wrong site displayed--seemingly randomly
>> Sent: Mar 13, 2009 3:25 PM
>> I moved my sites over to a new server and a new install of nginx-0.7.40 a
>> couple days ago.  I noticed once 2 days ago that I went to one domain and
>> one of my other sites showed up.  I thought this must be something strange
>> with the DNS propagation.
>> Today my business partner went to our site and saw this same other site
>> instead.  The site that sometimes is mistakenly showing up is the first site
>> I migrated to the new server setup.
>> None of these sites is set to be any sort of default, and all are included
>> an:
>> include ...../sites-available/*.conf;
>> Anybody have any idea what else could be causing this?  It's a pretty
>> serious problem.
>> Thanks,
>> Chris
>> Sent from my Verizon Wireless BlackBerry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20090313/7eafd483/attachment.html>

More information about the nginx mailing list