Please find below the setting, which is placed in /etc/nginx/sites-enabled under my site's domain name (mysite.lk).
    server {
        listen 80;
        server_name mysite.lk www.mysite.lk;
        location / {
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $http_host;
            proxy_pass "http://127.0.0.1:8080";
        }
    }
The application is running on port 8080 and here I'm redirecting all the 80 traffic to 8080. My website only uses mysite.lk and www.mysite.lk domain names.
Hence, I want to restrict/block all other domains (except mysite.lk and www.mysite.lk) which are coming to this server IP. What is the change that I need to do to achieve this?
I tried numerous things, such as the answers given in "Why is nginx responding to any domain name?", but was getting errors at nginx startup.
Please help me out! Thanks.
Found the answer. A catch-all server block is needed at the top of the config, before the given config, like below. The code block should look like this.
    server {
        return 403;
    }
    server {
        listen 80;
        server_name mysite.lk www.mysite.lk;
        location / {
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $http_host;
            proxy_pass "http://127.0.0.1:8080";
        }
    }
    server {
        listen 80;
        server_name example.org www.example.org "";
        ...
    }

If no server_name is defined in a server block then nginx uses the empty name as the server name. nginx versions up to 0.8.48 used the machine's hostname as the server name in this case. If a server name is defined as "$hostname" (0.9.
The first server defined in Nginx is treated as the default_server, so just adding one as the default and returning 412 (Precondition Failed), or any other status that best fits your requirements, will help the subsequent servers obey the server_name.
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 412;
    }
    server {
        listen 80;
        server_name mysite.lk www.mysite.lk;
        location / {
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $http_host;
            proxy_pass "http://127.0.0.1:8080";
        }
    }
All of the above answers are correct, but none of them work if the other domain tries to access your host via port 443 (HTTPS/SSL).
To block access to HTTPS requests, just add an if block in the HTTPS server configuration of your host.
    server {
        server_name www.xyz.com xyz.com;
        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
        }
        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        if ($host = "www.specificdomainyouwanttoblock.com") {
            return 404;
        }
        if ($host = "specificdomainyouwanttoblock.com") {
            return 404;
        }
        # or you can simply add:
        if ($host != "yourdomain.com") {
            return 404;
        }
    }