preventing requests with unknown host names

Igal @ Lucee.org igal at lucee.org
Fri Aug 21 06:35:58 UTC 2015


So while this worked well for port 80:

On 8/20/2015 3:55 PM, Igal @ Lucee.org wrote:
> Thank you, Francis.
>> For each "listen" directive with a unique ip:port, add one server{}
>> block which contains "listen ip:port default_server; return 444;"
> This seems to do the trick.

when I tried to add listen for port 443 it broke the https for requests
with the valid hostname as well.

## disable http server for requests with unknown hosts
server {

    listen      IP:80     default_server;
#   listen      IP:443    default_server;    # breaks all https??
    return      444;
}

what's the trick to do the same for https without breaking the requests
for https://myhost/ ?



> I expected there to be a way to do all of the IP addresses at once.
>
> Thanks for your help!
>
>
> Igal
>
>
> On 8/20/2015 3:16 PM, Francis Daly wrote:
>> I want to disable processing of all requests that do not have a valid
>> hostname
>> Check your entire configuration for "listen" directives.
>>
>> http://nginx.org/r/listen
>>
>> There will be zero or more in each server{} block. If there are zero,
>> that is equivalent to "listen 80" (if you run as root).
>>
>> For each "listen" directive with a unique ip:port, add one server{}
>> block which contains "listen ip:port default_server; return 444;"
>>
>>> I'm tried to follow the advice on:
>>> http://nginx.org/en/docs/http/request_processing.html#how_to_prevent_undefined_server_names
>>>
>>> so I have (inside http directive):
>>>
>>>     server {
>>>
>>>         listen      80;
>>>         server_name "";
>>>         return      444;
>>>     }
>> If your config only has "listen 80", or no "listen" directives at all, then
>>
>>   server {
>>     listen 80 default_server;
>>     return 444;
>>   }
>>
>> should do what you want.
>>
>>> but I am still able to access the website by its IP address?
>>>
>>> what am I doing wrong?
>> Not causing that server to be the default server for the ip:port you
>> are connecting to.
>>
>> 	f



More information about the nginx mailing list