Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Nginx forbids IP access and allows only domain name access

2025-04-03 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/03 Report--

Today, if you want to set up on Nginx to prohibit access to the server through IP, you can only access it through the domain name. This is to prevent the server from being disconnected due to the resolution of undocumented domain names to your own server, IP. The following solutions can be found on the network.

When we use it, we will encounter a lot of malicious IP***,. At this time, we will use Nginx to prohibit IP access. Let's first see that the default virtual host of Nginx takes effect when the user accesses it through IP or through an unset domain name (for example, someone points his own domain name to your ip). The most important point is to add this line to the setting of server:

Listen 80 default

The following default parameter indicates that this is the default virtual host.

Nginx prevents IP from accessing this setting is very useful.

For example, when someone visits your site through ip or an unknown domain name, and you want to disable any valid content, you can return it to him. At present, many computer rooms in China require website owners to turn off empty host headers to prevent undocumented domain names from pointing to cause trouble. You can set it like this:

Simple and direct modification method:

Modify the nginx.conf file

Modify to

Server {listen 80th serverroomname www.xcn.cn; # here is the domain name you specified.}

Add another paragraph after the last server:

Just to visit the default website and return 403 directly.

Server {listen 80 default_server;server_name _; return 403;}

Here, a 403 error will be returned when receiving ip access or non-specified domain name access.

Here are some of the more detailed descriptions:

Server {listen 80 default; return 500;}

You can also collect these traffic and import them to your own website, as long as you make the following jump settings:

Server {listen 80 default; rewrite ^ (. *) http://www.xcn.cn permanent;}

After setting as above, the server cannot be accessed through IP, but when server_name is followed by multiple domain names, one of the domain names cannot be accessed. The settings are as follows:

Server {listen 80; server_name xcn.cn}

Before the change, the server can be accessed through www.xcn.cn xcn.cn in server_name. After adding the setting that Nginx forbids IP access, the server cannot be accessed through xcn.cn and can be accessed by www.xcn.cn. Checking the configuration file with Nginx-t will prompt warning:

[warn]: conflicting server name "xcn.cn" on 0.0.0.0pur80

Ignored

The configuration file / usr/local/Nginx/conf/

Nginx.conf syntax is ok

Configuration file / usr/local/Nginx/conf/Nginx.

Conf test is successful

Finally, it is solved by adding server_name _; after listen 80 default;, as follows:

# prohibit IP from accessing server {listen 80 default; server_name _; return 500;}

Or

Server {listen 80 dufault; server_name _; rewrite ^ (. *) http://www.xcn.cn permanent;} # prohibits IP from accessing server {listen 80 default; server_name _; server_name xcn.cn return 500;}

In this way, the server can be accessed through xcn.cn.

The first case: visit the A station to direct to bilibili

Server {server_name www.xcn.cn; rewrite ^ (. *) http://www.xcn.cn$1 permanent;}

The second case: do not visit all of the A site redirected to the specified page

Server {server_name www.xcn.cn; if ($host! = 'jb51.net') {rewrite ^ / (. *) $http://www.xcn.cn/$1 permanent;}}

If you write it in the first server paragraph

Access using IP will also be redirected

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Servers

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report