preventing requests with unknown host names
Igal @ Lucee.org
igal at lucee.org
Fri Aug 21 06:35:58 UTC 2015
So while this worked well for port 80:
On 8/20/2015 3:55 PM, Igal @ Lucee.org wrote:
> Thank you, Francis.
>> For each "listen" directive with a unique ip:port, add one server{}
>> block which contains "listen ip:port default_server; return 444;"
> This seems to do the trick.
when I tried to add listen for port 443 it broke the https for requests
with the valid hostname as well.
## disable http server for requests with unknown hosts
server {
listen IP:80 default_server;
# listen IP:443 default_server; # breaks all https??
return 444;
}
what's the trick to do the same for https without breaking the requests
for https://myhost/ ?
> I expected there to be a way to do all of the IP addresses at once.
>
> Thanks for your help!
>
>
> Igal
>
>
> On 8/20/2015 3:16 PM, Francis Daly wrote:
>> I want to disable processing of all requests that do not have a valid
>> hostname
>> Check your entire configuration for "listen" directives.
>>
>> http://nginx.org/r/listen
>>
>> There will be zero or more in each server{} block. If there are zero,
>> that is equivalent to "listen 80" (if you run as root).
>>
>> For each "listen" directive with a unique ip:port, add one server{}
>> block which contains "listen ip:port default_server; return 444;"
>>
>>> I'm tried to follow the advice on:
>>> http://nginx.org/en/docs/http/request_processing.html#how_to_prevent_undefined_server_names
>>>
>>> so I have (inside http directive):
>>>
>>> server {
>>>
>>> listen 80;
>>> server_name "";
>>> return 444;
>>> }
>> If your config only has "listen 80", or no "listen" directives at all, then
>>
>> server {
>> listen 80 default_server;
>> return 444;
>> }
>>
>> should do what you want.
>>
>>> but I am still able to access the website by its IP address?
>>>
>>> what am I doing wrong?
>> Not causing that server to be the default server for the ip:port you
>> are connecting to.
>>
>> f
More information about the nginx
mailing list