<html><head></head><body bgcolor="#FFFFFF" text="#000000" lang="en-US" style="background-color: rgb(255, 255, 255); line-height: initial;"> <div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">Well this is interesting. Since this situation should never happen (I think) in real life, should this code be always implemented? Any downsides?</div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">--------</div> <p style="text-align: justify; font-family: sans-serif;">If requests without the “Host” header field should not be allowed, a server that just drops the requests can be defined:</p><blockquote style="margin: 1em 0px 1em 1em; padding: 0.5em; line-height: 1em; border-left-width: 1px; border-left-style: solid; border-left-color: rgb(187, 187, 187); font-family: sans-serif;"><pre style="padding: 0px; margin-top: 0px; margin-bottom: 0px;">server {
listen 80;
server_name "";
return 444;
}
</pre></blockquote><p style="text-align: justify; font-family: sans-serif;">Here, the server name is set to an empty string that will match requests without the “Host” header field, and a special nginx’s non-standard code 444 is returned that closes the connection.</p><blockquote style="margin: 1em 0px 1em 1em; padding: 0.5em; border: 1px dotted rgb(153, 153, 153); line-height: 1.2em; text-align: justify; font-family: sans-serif;">Since version 0.8.48, this is the default setting for the server name, so the<code>server_name ""</code> can be omitted. In earlier versions, the machine’s <i>hostname</i> was used as a default server name.</blockquote><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br></div> <div style="font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"></div> <table width="100%" style="background-color:white;border-spacing:0px;"> <tbody><tr><td colspan="2" style="font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"> <div style="border-style: solid none none; border-top-color: rgb(181, 196, 223); border-top-width: 1pt; padding: 3pt 0in 0in; font-family: Tahoma, 'BB Alpha Sans', 'Slate Pro'; font-size: 10pt;"> <div><b>From: </b>Igal @ Lucee.org</div><div><b>Sent: </b>Friday, May 19, 2017 4:08 PM</div><div><b>To: </b>lists@lazygranch.com; nginx@nginx.org; Alex Samad</div><div><b>Subject: </b>Re: How to restrict acces to specific friendly URL by IP in Wordpress site?</div></div></td></tr></tbody></table><div style="border-style: solid none none; border-top-color: rgb(186, 188, 209); border-top-width: 1pt; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"></div><br><div id="_originalContent" style="background-color: rgb(255, 255, 255);">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
On 5/19/2017 4:02 PM, <a class="moz-txt-link-abbreviated" href="mailto:lists@lazygranch.com">lists@lazygranch.com</a> wrote:<br>
<blockquote type="cite" cite="mid:20170519230218.5742678.98473.28918@lazygranch.com">
<div style="width: 100%; font-size: initial; font-family: Calibri,
'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125);
text-align: initial; background-color: rgb(255, 255, 255);"><br>
</div>
<div style="width: 100%; font-size: initial; font-family: Calibri,
'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125);
text-align: initial; background-color: rgb(255, 255, 255);"><a class="moz-txt-link-freetext" href="https://httpstatuses.com/444">https://httpstatuses.com/444</a></div>
<div style="width: 100%; font-size: initial; font-family: Calibri,
'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125);
text-align: initial; background-color: rgb(255, 255, 255);"><span style="color: rgb(85, 98, 112); font-family: 'Open Sans',
sans-serif; font-size: 18px; line-height: initial;"><br>
</span></div>
<div style="width: 100%; font-size: initial; font-family: Calibri,
'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125);
text-align: initial; background-color: rgb(255, 255, 255);"><span style="color: rgb(85, 98, 112); font-family: 'Open Sans',
sans-serif; font-size: 18px; line-height: initial;">A
non-standard status code used to instruct</span><span style="color: rgb(85, 98, 112); font-family: 'Open Sans',
sans-serif; font-size: 18px; line-height: initial;"> </span><a href="http://nginx.org/" style="font-family: 'Open Sans',
sans-serif; font-size: 18px; background-color: transparent;
line-height: initial; color: rgb(214, 21, 109); font-weight:
bold; text-decoration: none;" moz-do-not-send="true">nginx</a><span style="color: rgb(85, 98, 112); font-family: 'Open Sans',
sans-serif; font-size: 18px; line-height: initial;"> </span><span style="color: rgb(85, 98, 112); font-family: 'Open Sans',
sans-serif; font-size: 18px; line-height: initial;">to close
the connection without sending a response to the client, most
commonly used to deny malicious or malformed requests.</span></div>
<div style="width: 100%; font-size: initial; font-family: Calibri,
'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125);
text-align: initial; background-color: rgb(255, 255, 255);"><span style="color: rgb(85, 98, 112); font-family: 'Open Sans',
sans-serif; font-size: 18px; line-height: initial;"><br>
</span></div>
<p style="margin-top: 0px; margin-bottom: 10px; font-size: 14px;
color: rgb(85, 98, 112); font-family: 'Open Sans', sans-serif;">This
status code is not seen by the client, it only appears in nginx
log files.</p>
</blockquote>
<br>
I stand corrected. Here's a better reference:<br>
<a class="moz-txt-link-freetext" href="http://nginx.org/en/docs/http/request_processing.html">http://nginx.org/en/docs/http/request_processing.html</a><br>
<br>
<br><!--end of _originalContent --></div></body></html>