preventing requests with unknown host names

Igal @ Lucee.org igal at lucee.org
Fri Aug 21 18:12:56 UTC 2015


On 8/21/2015 4:49 AM, navern wrote:
> On 21.08.2015 10:30, Francis Daly wrote:
>> On Thu, Aug 20, 2015 at 11:35:58PM -0700, Igal @ Lucee.org wrote:
>>> On 8/20/2015 3:55 PM, Igal @ Lucee.org wrote:
>> Hi there,
>>
>> I do not know the full answer to your question.
>>
>>> when I tried to add listen for port 443 it broke the https for requests
>>> with the valid hostname as well.
>>>
>>> ## disable http server for requests with unknown hosts
>>> server {
>>>
>>>      listen      IP:80     default_server;
>>> #   listen      IP:443    default_server;    # breaks all https??
>>>      return      444;
>>> }
>>>
>>> what's the trick to do the same for https without breaking the requests
>>> for https://myhost/ ?
>> You will need at least a proper ssl configuration in that server{}
>> block -- possibly setting it at http level.
>>
>> See, for example,
>> http://nginx.org/en/docs/http/configuring_https_servers.html#name_based_https_servers
>>
>>
>> In general, the ssl hostname that the browser wants to connect to is
>> not available until after the ssl negotiation has happened.
>>
>>     f
> Look at this link:
> http://nginx.org/en/docs/http/configuring_https_servers.html#sni
>
> SNI will help you with to have listen separate server_name on one IP
> and have default_server.
I have SNI enabled (running on Windows and confirmed by calling  `$
nginx -V`

not sure how to "use" that?

thanks



More information about the nginx mailing list