preventing requests with unknown host names
navern
livingdeadzerg at yandex.ru
Fri Aug 21 11:49:20 UTC 2015
On 21.08.2015 10:30, Francis Daly wrote:
> On Thu, Aug 20, 2015 at 11:35:58PM -0700, Igal @ Lucee.org wrote:
>> On 8/20/2015 3:55 PM, Igal @ Lucee.org wrote:
> Hi there,
>
> I do not know the full answer to your question.
>
>> when I tried to add listen for port 443 it broke the https for requests
>> with the valid hostname as well.
>>
>> ## disable http server for requests with unknown hosts
>> server {
>>
>> listen IP:80 default_server;
>> # listen IP:443 default_server; # breaks all https??
>> return 444;
>> }
>>
>> what's the trick to do the same for https without breaking the requests
>> for https://myhost/ ?
> You will need at least a proper ssl configuration in that server{}
> block -- possibly setting it at http level.
>
> See, for example,
> http://nginx.org/en/docs/http/configuring_https_servers.html#name_based_https_servers
>
> In general, the ssl hostname that the browser wants to connect to is
> not available until after the ssl negotiation has happened.
>
> f
Look at this link:
http://nginx.org/en/docs/http/configuring_https_servers.html#sni
SNI will help you with to have listen separate server_name on one IP and
have default_server.
More information about the nginx
mailing list