can't replicate/block portscanner

Jonathan Vanasco nginx at
Fri Dec 9 23:29:04 UTC 2016

I got hit with a portscanner a few minutes ago, which caused an edge-case I can't repeat.

the access log looks like this: - [09/Dec/2016:22:15:03 +0000][_] 500 "GET / HTTP/1.0" 10299 "-" "masscan/1.0 (" "-" cookies="-"

the server block was:

	server {
	    listen 80 default_server;
	    server_name _; 

but there is another ip block:

	server { listen 80;
		      server_name ~^[0-9.]*$;

i can't figure out how to duplicate this request.  the 500 was triggered, because the upstream application server didn't get find a "HTTP_HOST" environment variable set up, and i'd like to protect against this. 

More information about the nginx mailing list