Condition to match a missing "Host:" header

Hi,

I’m trying to write a simple if condition, inside a location block,
that evaluates true when the client didn’t send a Host header.

I tried many combinations using the $host variable but no luck so far.
Any hints?

Thanks

On Thu, Aug 21, 2008 at 05:20:09PM +0200, Luigi Perroti wrote:

I’m trying to write a simple if condition, inside a location block,
that evaluates true when the client didn’t send a Host header.

I tried many combinations using the $host variable but no luck so far.
Any hints?

Why do you need to test it ?
Have you tried the configuration in my previous mail ?

Igor S. <[email protected]…> writes:

Why do you need to test it ?
Have you tried the configuration in my previous mail ?

Yes, I tried what you suggested.
Now I have a better understanding of how nginx works, thank you.

As of now I’ve come up with a configuration file that works fine for the
application that I’ll have to run.

The only thing is that, with this configuration, when no “Host:” header
is sent
by the client nginx will handle this with a 400 code directly. The
application
won’t receive the request. Since this application does access logging by
itself
I disabled access logging in nginx.

But I would like to turn it back on for requests where no Host header is
specified. Otherwise I’d have no way to know about these requests.

I also do this when my custom error pages are called directly.

The relevant part of my config file can be found here:
http://pastebin.com/mc05d231

Note that although it might be written better this does exactly what I
want.
Except for the fact that I can’t have nginx log to access.log the
requests with
no Host header, and I can’t get my application to handle them either.

On Thu, Aug 21, 2008 at 04:16:53PM +0000, Luigi Perroti wrote:

The relevant part of my config file can be found here: http://pastebin.com/mc05d231

Note that although it might be written better this does exactly what I want.
Except for the fact that I can’t have nginx log to access.log the requests with
no Host header, and I can’t get my application to handle them either.

You need just:

location = /400.html {
root /www/errors;
internal;
access_log /var/log/nginx/access.log;
}

Also, any “if ($request_uri = ‘/404.html’)” means that you should write

location = /404.html {

instead.

BTW, in 0.7.12 the special server_name “” will allow to handle
requests without Host not in default listening server:

 server {
     listen 80 default;
     server_name  _;
 }

 server {
     listen 80;
     server_name  www.example.com "";
 }

Igor S. <[email protected]…> writes:

You need just:

location = /400.html {
root /www/errors;
internal;
access_log /var/log/nginx/access.log;
}

Unfortunately, if I do that the 400 responses that my application sends
get
logged too. Which I would prefer to avoid.

    server_name  www.example.com "";
}

Does that mean that if ($host = “”) would evaluate to true if no Host:
header is
sent? That would precisely be what I need.

-Luigi

On Thu, Aug 21, 2008 at 7:38 PM, Igor S. [email protected] wrote:

Why at all do you want to log request without Host ?

It’s one more thing that my scripts can check when evaluating if an IP
should be banned or not.
Since nowadays there are no legit clients that won’t send the Host
header I can use this information as a ringing bell for malicious
activity.

Regards,
-Luigi

On Thu, Aug 21, 2008 at 05:21:38PM +0000, Luigi Perroti wrote:

Unfortunately, if I do that the 400 responses that my application sends get

server {
listen 80;
server_name www.example.com “”;
}

Does that mean that if ($host = “”) would evaluate to true if no Host: header is
sent? That would precisely be what I need.

Yes.

Why at all do you want to log request without Host ?

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs