Access to configuration instances of the site using IP is prohibited in Nginx
- 2020-05-12 06:27:51
- OfStack
In China, all servers are prohibited from using IP to access the website because of the record. Otherwise, if you allow access to the site using IP, simply resolve a domain name to the IP and access the domain name to open the site. This is a great risk! It is very convenient to solve this problem in Nginx. Let's talk about it for 1 time.
In China, all servers are prohibited from using IP to access the website because of the record. Otherwise, if you are allowed to use IP to access the site, just parse 1 domain name to IP and access the domain name to open the site. This is a great risk! Nginx can be very convenient to solve this problem, the novice to discuss with you 1 1.
The following configuration item can be set to allow access to the site using IP.
server {
listen 80;
server_name "";
}
This is essentially binding an empty host header, so any host header that points to this IP can open the site.
If you need Nginx to disable access to the site using IP, you can define the following host and discard these requests:
server {
listen 80;
server_name "";
return 444;
}
In this case, we set the host name to an empty string to match the request for an undefined "Host" header, and returned an nginx specific, non-http standard return code 444, which can be used to close the connection.
Starting with version 0.8.48, this has become the default setting for the hostname, so you can omit server_name "" as follows:
server {
listen 80;
return 444;
}