Nginx: Close the Default Site and Reject Empty Host Headers (Forbid Direct IP Access, Prevent Malicious Domain Resolution, Prevent Unexpected Multi-site Redirects)
By default, NGINX serves an existing site on the server when you enter the server's IP address directly. The same happens when a domain name resolves to the server but is not bound to any site. To prevent malicious domain resolution, to prevent unexpected redirects when a server with multiple sites is accessed via IP, or to forbid direct IP access:
You can modify NGINX’s main configuration file, nginx.conf, to return the HTTP 444 status code for empty Host headers.
444 No Response: an HTTP server extension on Nginx, used in Nginx logs. It indicates that the server did not return any information to the client and closed the connection (useful when deterring malware).
Add the following content to the http{} section in the NGINX configuration file:
server {
    listen 80 default_server;
    listen 443 ssl default_server;   # Enable when using https/443; the ssl parameter makes this port speak TLS
    ssl_certificate xxx.pem;         # Enable when using https/443, enter path to any valid SSL certificate
    ssl_certificate_key xxx.pem;     # Enable when using https/443, enter path to the private key for that certificate
    server_name _;
    return 444;
}
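To see what the catch-all server is absorbing once it is in place, the following added example (not part of the original article) counts 444 responses per client and per requested path in an access log. It assumes nginx's predefined `combined` log format; the function name and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# nginx "combined" format:
# $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent ...
COMBINED = re.compile(
    r'^(?P<addr>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

def summarize_444(lines):
    """Return (444 hits per client, 444 hits per path, count of unparsed lines)."""
    clients, paths, skipped = Counter(), Counter(), 0
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            skipped += 1          # not in combined format; report instead of guessing
            continue
        if m.group("status") != "444":
            continue              # served by a real site, not the catch-all
        clients[m.group("addr")] += 1
        parts = m.group("request").split()
        # A request line is "METHOD PATH VERSION"; anything else is kept as malformed
        paths[parts[1] if len(parts) >= 2 else "<malformed>"] += 1
    return clients, paths, skipped

# Constructed sample lines (documentation address ranges, not real traffic)
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 444 0 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /robots.txt HTTP/1.1" 444 0 "-" "curl/8.0"',
    '198.51.100.20 - - [10/Mar/2024:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '192.0.2.55 - - [10/Mar/2024:10:00:09 +0000] "GET / HTTP/1.0" 444 0 "-" "-"',
    'not a log line',
]

if __name__ == "__main__":
    clients, paths, skipped = summarize_444(SAMPLE_LOG)
    for addr, hits in clients.most_common():
        print(f"{addr}\t{hits} request(s) dropped with 444")
    for path, hits in paths.most_common():
        print(f"{path}\t{hits}")
    print(f"unparsed lines: {skipped}")
```

A client that appears here repeatedly is reaching the server by IP address or through a host name that no site is bound to.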