How to prevent processing requests with undefined server names on nginx 1.1.17

dubstep · March 26, 2012, 1:33pm

Dear Team,

My OS: Centos 5.8

My nginx 1.1.7

Apache listen on: 8080

Nginx listen on: 80

nginx as reverse proxy.

My proxy.conf file

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
client_header_buffer_size 64k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 16k;
proxy_buffers 32 16k;
proxy_busy_buffers_size 64k;

My nginx config file:

server {

 listen       80;

 server_name  "";

 return       444;

}

server {

     listen       192.168.1.3:80 default_server;

     server_name  www1.domain1.com;

     access_log  /var/log/nginx/www1.domain1.com.access.log  main;

     location / {

          include proxy.conf;

     proxy_pass   http://127.0.0.1:8080;

     }

     }

server {

     listen       192.168.1.3:80;

     server_name  forum.domain1.com;

     access_log  /var/log/nginx/forum.domain1.com.access.log  main;

     location / {

          include proxy.conf;

     proxy_pass   http://127.0.0.1:8080;

     }

     }

server {

     listen       192.168.1.3:80;

     server_name  www.domain1.com domain1.com;

     access_log  /var/log/nginx/www.domain1.com.access.log  main;

     location / {

          include proxy.conf;

     proxy_pass   http://127.0.0.1:8080;

     }

     }

server {

     listen       192.168.1.3:80;

     server_name  www.domain2.com domain2.com;

     access_log  /var/log/nginx/www.domain2.com.access.log  main;

     location / {

          include proxy.conf;

     proxy_pass   http://127.0.0.1:8080;

     }

     }

My problem:

When I access undefined server names, ex: anything.domain1.com or
anything.domain2.com

I can still access, I want it to return 444.

How I fix my problem ???

Thank all team Nginx,

Nguyen

HKS_VIETNAM · March 26, 2012, 1:45pm

Try:

server {
listen [::]:80 default_server;
server_name _;
return 444;
}

You’ll have to define all valid hosts in each server block.

–appa

HKS_VIETNAM · March 26, 2012, 1:48pm

Apache listen on: 8080

proxy_buffer_size 16k;

Just rewrite your “catch all” virtual host as a following:

server {
listen 80 default_server;
server_name _;
return 444;
}

And move ‘default_server’ attribute here, from your second virtual host.

Note that the ‘server_name “”’ syntax means ‘empty Host header’.
But it will work with the ‘listen 80 default_server’.

Refer the Server names

HKS_VIETNAM · March 26, 2012, 6:15pm

Dear,

Thank you so much.

It’s OK My proplem has been fixed.

Thank you,
Nguyen