2025-01-19 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains how to stop Nginx from serving requests for domain names that someone else has maliciously resolved to your server.
Foreword:
Too unlucky: I found that port 80 on the server could not be reached through the IP, which left me speechless. It was fine yesterday, I had not modified the configuration, the other ports were normal, and the firewall was not the problem. So I asked the computer room and got a crushing reply: our server had a domain name that had not been put on record, China Telecom had sent notices about it many times, and then the port on our IP was blocked. The key point is that this damn domain name is not mine.
After some digging, I found that there seemed to be a loophole in the nginx configuration: any domain name resolved to the server could be requested normally. It was a blank page, but the HTTP status code was 200.
The main cause was that the following configuration was missing (nginx version 1.8.0):
server {
    listen 80 default_server;
    server_name _;
    return 403;
}
This makes every request for a domain that matches no configured server_name return a 403 error.
I had never added this configuration to Nginx before and had not encountered this kind of problem. I also tested on another server, and even without this code such a domain could not be resolved and requested successfully there. Very speechless.
Addendum:
After searching around, I found that for this kind of problem it is better to use Nginx's own non-standard status code 444.
server {
    listen 80 default_server;
    server_name _;
    access_log off;
    return 444;
}
With 444, Nginx closes the connection without sending a response, so a browser that visits the server under an unconfigured domain shows its own error telling the user that the site cannot be accessed.
The result when requested with curl (curl prints an HTTP error message)
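To check a configuration for the gap described above, the following added example (not from the original article) works out, for each listen value, which server block nginx would use for an unknown Host header and whether that block rejects with 403 or 444. The sample configs, the function names and the simplified parsing are assumptions made for illustration.

```python
import re

# Constructed sample configs (not from the article): a site with no catch-all,
# then the same site followed by the 444 catch-all block shown above.
WEAK = "server { listen 80; server_name www.example.com; location / { root /srv/www; } }\n"
FIXED = WEAK + "server { listen 80 default_server; server_name _; access_log off; return 444; }\n"

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#.*", "", conf)          # strip comments (simplification: no quoted '#')
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def top_level(body):
    """Collapse nested blocks (location, if) so only server-level directives remain."""
    prev = None
    while prev != body:
        prev, body = body, re.sub(r"\{[^{}]*\}", ";", body)
    return body

def catch_all(conf):
    """Map each listen value to the `return` code of the block that gets unknown Hosts."""
    # nginx uses the block flagged default_server, else the first block on that socket.
    # Listen values are compared as written, so "80" and "*:80" are not merged.
    chosen = {}                              # listen value -> (explicit?, directives)
    for body in server_blocks(conf):
        top = top_level(body)
        for spec in re.findall(r"\blisten\s+([^;]+);", top) or ["80"]:  # no listen: assume 80
            addr, *flags = spec.split()
            explicit = "default_server" in flags
            if explicit or addr not in chosen:
                chosen[addr] = (explicit, top)
    codes = {}
    for addr, (_, top) in chosen.items():
        m = re.search(r"(?:^|;)\s*return\s+(\d{3})\b", top)
        codes[addr] = m.group(1) if m else None
    return codes

def exposed(conf):
    """Listen values where a request for an unconfigured domain is not rejected."""
    return sorted(a for a, code in catch_all(conf).items() if code not in ("403", "444"))

if __name__ == "__main__":
    print("weak :", exposed(WEAK), "| fixed:", exposed(FIXED))
```

Note that `server_name _;` by itself does not make a block the catch-all: the `default_server` flag, or being the first block on that listen value, is what decides it.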