name based hosting limiting

Igor Sysoev is at rambler-co.ru
Wed Sep 3 08:45:19 MSD 2008 

On Tue, Sep 02, 2008 at 04:23:58PM -0400, Paul wrote:

> I have a whole bunch of server configurations on a whole lot of ip 
> addresses..
> Is there a way to specify the catch all for ALL the ip addresses or 
> would i have to do a server _ for every ip address?
> (I'm not using a 'listen 80;' but rather listen 1.1.1.1:80 1.1.1.2:80 
> etc etc)
> Right now I'm using a if $host does not equal .*domain\.com.*, 
> proxy_pass http://127.0.0.1 

You can not use catching all server listening on *:80 only.
When nginx detects that it has a server listening on a IP, it uses that
server configuraiton, and if the server is single for that IP, it becames
default server for the IP. Therefore you have two choices:

1) add all IPs in default server:

          server {
                   listen 1.1.1.1 default;
                   listen 2.2.2.2 default;
                   ...
                   server_name  _;
                   return  404;
          }

2) add single line server before/after each server instead of "if $host":

          server { listen 2.2.2.2 default; server_name _; return 404; }

          server {
                   listen 2.2.2.2;


> Igor Sysoev wrote:
> >On Tue, Sep 02, 2008 at 03:27:44PM -0400, Paul wrote:
> >
> >  
> >>Is there a way to limit the domains that can be requested on a server 
> >>directive?
> >>
> >>Say I have
> >>
> >>   server
> >>       {
> >>               listen 2.2.2.2:80;
> >>               server_name x.com *.x.com;
> >>               location /
> >>               {
> >>                       proxy_pass http://1.1.1.1;
> >>                       proxy_redirect http://1.1.1.1/     
> >>http://$http_host/;
> >>                       proxy_redirect default;
> >>                       proxy_set_header        Host            
> >>$host;          ##Forwards host along
> >>                       proxy_set_header        X-Forwarded-For 
> >>$remote_addr;   ##Sends realip to customer svr
> >>               }
> >>       }
> >>
> >>
> >>
> >>Can I say, ONLY x.com and *.x.com can use this server?  Because I can 
> >>send any domain to it  and it passes it along to the backend server.
> >>I would like to limit access to this.
> >>    
> >
> >     server {
> >         listen 2.2.2.2:80 default;
> >         server_name  _;
> >         return 404;
> >     }
> >
> >     server {
> >         listen 2.2.2.2:80;
> >         server_name  x.com *.x.com;
> >
> >         # you may also add possibility to use IP only in browsers
> >         # and no Host header at all using:
> >         #server_name  2.2.2.2  "";
> >
> >         ...
> >     }
> >
> >Look also http://marc.info/?l=nginx&m=122025301723208&w=2
> >
> >
> >  
> 
> -- 
> GloboTech Communications
> Phone: 1-514-907-0050
> Toll Free: 1-(888)-GTCOMM1
> Fax: 1-(514)-907-0750
> paul at gtcomm.net
> http://www.gtcomm.net 
> 

-- 
Igor Sysoev
http://sysoev.ru/en/

More information about the nginx mailing list