preventing requests with unknown host names
Igal @ Lucee.org
igal at lucee.org
Fri Aug 21 18:12:56 UTC 2015
On 8/21/2015 4:49 AM, navern wrote:
> On 21.08.2015 10:30, Francis Daly wrote:
>> On Thu, Aug 20, 2015 at 11:35:58PM -0700, Igal @ Lucee.org wrote:
>>> On 8/20/2015 3:55 PM, Igal @ Lucee.org wrote:
>> Hi there,
>>
>> I do not know the full answer to your question.
>>
>>> when I tried to add listen for port 443 it broke the https for requests
>>> with the valid hostname as well.
>>>
>>> ## disable http server for requests with unknown hosts
>>> server {
>>>
>>> listen IP:80 default_server;
>>> # listen IP:443 default_server; # breaks all https??
>>> return 444;
>>> }
>>>
>>> what's the trick to do the same for https without breaking the requests
>>> for https://myhost/ ?
>> You will need at least a proper ssl configuration in that server{}
>> block -- possibly setting it at http level.
>>
>> See, for example,
>> http://nginx.org/en/docs/http/configuring_https_servers.html#name_based_https_servers
>>
>>
>> In general, the ssl hostname that the browser wants to connect to is
>> not available until after the ssl negotiation has happened.
>>
>> f
> Look at this link:
> http://nginx.org/en/docs/http/configuring_https_servers.html#sni
>
> SNI will help you with to have listen separate server_name on one IP
> and have default_server.
I have SNI enabled (running on Windows and confirmed by calling `$
nginx -V`
not sure how to "use" that?
thanks
More information about the nginx
mailing list