Prevent Arbitrary HTTP Host header in nginx
Reinis Rozitis
r at roze.lv
Fri Feb 28 08:57:23 UTC 2020
> I have added the below server block https://paste.centos.org/view/0c6f3195
>
> It is still not working. I look forward to hearing from you and your help is highly appreciated. Thanks in Advance.
If you don't use the default_server for the catch-all server{} block then you should place it first in the configuration, as otherwise nginx will choose the first one using the order they come in the configuration (for each listen port there can be a different default server).
In your case it will be the:
server {
..
listen 443 ssl;
ssl_protocols TLSv1.2;
server_name developer-nonprod.example.com;
.....
So either place it as first or add listen 443 default_server;
P.S. You can read in more detail how nginx handles the Hosts and server_names in the documentation: http://nginx.org/en/docs/http/server_names.html and http://nginx.org/en/docs/http/request_processing.html
rr
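
The layout described in the reply above, written out as an added example (not part of the original message or the poster's configuration): an explicit default_server catch-all per listen port that drops requests with an unexpected Host header, next to the real site. The certificate paths are placeholders and the use of return 444 in the catch-all is an assumption about the desired behaviour.

```nginx
# Added illustration. Certificate paths are placeholders (assumptions).

# Catch-all for port 443: handles any request whose Host header matches
# no server_name in the other blocks. With default_server set explicitly,
# the order of server{} blocks in the file no longer decides the default.
server {
    listen 443 ssl default_server;
    server_name _;                  # conventional name that matches no real host

    # The TLS handshake must still complete before the Host header is seen,
    # so this block needs a certificate of its own (e.g. a self-signed one).
    ssl_certificate     /etc/nginx/ssl/placeholder.crt;
    ssl_certificate_key /etc/nginx/ssl/placeholder.key;
    ssl_protocols       TLSv1.2;

    return 444;                     # nginx-specific: close the connection, send no response
}

# The real site: only requests carrying the expected Host reach it.
server {
    listen 443 ssl;
    server_name developer-nonprod.example.com;

    ssl_certificate     /etc/nginx/ssl/site.crt;   # placeholder
    ssl_certificate_key /etc/nginx/ssl/site.key;   # placeholder
    ssl_protocols       TLSv1.2;

    # ... rest of the site configuration ...
}

# Each listen port has its own default server, so plain HTTP
# needs a separate catch-all.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}
```

After `nginx -t` and a reload, a request sent to the site's address with a Host header other than developer-nonprod.example.com should have its connection closed without a response, while the expected Host is still served.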