Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

how to disable direct access to a web site by ip address

Tags:

nginx

server

ip

dns

cloudflare

People also ask

How to disable direct access to a website by IP address NGINX?

Disable Direct HTTP IP AccessCreate a new site config file in /etc/nginx/sites-available (or wherever that is). This will be the default handler for all the server_name 's that aren't explicitly defined, and that includes the IP address. In the example above, we're listening to port 80 on both IPv4 and IPv6.

What is direct IP access?

A direct IP-access allows the user to access a website using its root server's IP-address. For instance,Google.com is securely accesible using its IP-address 216.58. 193.78.

server {
    listen      80 default_server;
    listen      [::]:80 default_server;
    server_name "";
    return      444;
}

You need to specify default_server parameter so that all non available server requests goes to this server block which throws 444 error.

444 : CONNECTION CLOSED WITHOUT RESPONSE

ref: https://httpstatuses.com/444


You can use redirect, nginx config:

server {
        listen 80;
        server_name IP_ADDRESS;
        return 301 http://YOUR.DOMAIN;
}

You can just add a server directive before others.

server {
    listen 80;
    server_name _;
    return 404;
}

You can use redirect, nginx config:

server {
        listen 80;`enter code here`
        server_name IP_ADDRESS;
        return 301 http://YOUR.DOMAIN;
}

you can return any error you find suitable. A list of errors can be found here List_of_HTTP_status_codes

server {
    listen      x.x.x.x:80;
    server_name x.x.x.x;
    return      404;
}

You may try to set the server IP address in:

/etc/nginx/conf.d/default.conf

So it looks like this:

server {
    listen 80;
    server_name localhost IP.OF.VPS.HERE;

Then you can specify the subdomain vhost, like:

server {
        listen 80;
        server_name subdomain.domain.com;

And the main domain, like:

server {
        listen 80;
        server_name www.domain.com domain.com;

Then restart Nginx:

/etc/init.d/nginx restart

Each vhost should have its own *.conf file (for better organization), like:

/etc/nginx/conf.d/subdomain.domain.com.conf
/etc/nginx/conf.d/domain.com.conf
/etc/nginx/conf.d/default.conf

Put this at top of your /etc/nginx/conf.d/SERVER_IP_ADDRESS.conf file and comment everything what is below it.

#disabling accesing server by ip address
server {
        listen SERVER_IP_ADDRESS:80 default;
        server_name _;
        return 404;
}

Then restart your Nginx server (on Ubuntu it is done by service nginx restart this command)

Now when you will put your server's ip address to browser url field you will get 404 error.

Related questions

What does [::] mean in my nginx config file
How to log all headers in nginx?
How to write a Nginx module? [closed]
Nginx error: (13: Permission denied) while connecting to upstream
Celery Flower Security in Production
route different proxy based on subdomain request in nginx
nginx add headers when returning 400 codes
How to define a global variable in nginx conf file
Nginx cannot find unix socket file with Unicorn (no such file or directory)
Jetty, Tomcat, Nginx, Geronimo, Glassfish: I'm confused
correct configuration for nginx to localhost?
Nginx location matches
nginx and supervisor setup in Ubuntu
Nginx understanding access log column
How to configure additional modules to nginx after installation?
How to debug "FastCGI sent in stderr: Primary script unknown while reading response header from upstream" and find the actual error message?
nginx not serving my error_page
How to make nginx to listen to server_name:port
Dynamic proxy_pass to $var with nginx 1.0
Nginx- error: bind() to 0.0.0.0:80 failed. permission denied

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!