It might help to set up a default “catch all” server. There’s more info
on
it here: Module ngx_http_core_module and it’s
done
differently depending on your version of nginx.
You can set up your default server to point to one of your sites, or you
can
use it to show a 404 for invalid domains.
I have a CMS that hosts multiple, unrelated sites, and after looking
through
my logs recently, I was finding that one of the sites (the one nginx
determined as the “default”) was receiving all sorts of garbage traffic
from
bots, script kiddies, and the like. Some of the requests were from old
domains that were pointed at an IP I had recently acquired, some were
targeted at the IP address itself with no Host header, and the majority
were
penetration testing (like http://some-made-up-domain.com/*).
Since I didn’t want to send all this traffic to my CMS backend, I wanted
to
have nginx filter it upfront. As such, I now have the following as my
“default” server:
server {
listen 80 default;
server_name _;
root /var/www/default;
log_format nosy '$remote_addr - $remote_user [$time_local] ’
'“$request” [“$scheme://$host$request_uri”] $status
$body_bytes_sent ’
‘“$http_referer” “$http_user_agent”’;
access_log /var/log/nginx/default.access.log nosy;
error_log /var/log/nginx/default.error.log;
location / {
return 404;
}
}
The lot_format is of course optional, but I wanted to add it since the
default log format doesn’t include $host (just $request_uri). Also, I
wanted to monitor for traffic from old domains that are still pointed at
my
IP address. If you don’t care about this, you can just use “access_log
off;”. It may be worth noting that since I set this up about a month
ago,
the default.error.log file is still empty.
Since the traffic is garbage, I don’t care what the 404 page looks like,
so
the default one that nginx serves up is fine with me.
On Fri, Mar 13, 2009 at 2:47 PM, Chris Cortese
<[email protected]