Configure Nginx to disable access from IP addresses and unbound domain names

At present, many data centers in China require the website owner to disable the empty host header to prevent troubles caused by domain names not on the north shore.

You can set it as follows:

For example, if the following code returns a 500 response for the default access, the willingness of the attacker is lost.

1. Directly return 500

The code is as follows:	Copy code
Server { Listen 80 default; Return 500; }

There are multiple different methods, such as setting 500 for the default host to return, or directly using rewrite to jump to another address, of course, you can also change to jump to your own website, it can also bring traffic.

The code is as follows:	Copy code
Server { Listen 80 default; Rewrite ^ (. *) http://www.111cn.net permanent; }

The first method is recommended in the above method. Next let's take a look.

The main idea is to use your blog as a virtual host, and access by IP address is to access default_server, while default_serverv can redirect it to a blog or directly cause errors.

Check Nginx. conf below.

The code is as follows:

Copy code

1 server { 2 listen 80; 3 server_name serholiu.com;  4 5 # Allow file uploads 6 client_max_body_size 50 M;  7 8 location ^ ~ /Static /{ 9 root/home/blog/app; 10 if ($ query_string ){ 11 expires max; 12} 13} 14 location =/favicon. ico { 15 rewrite (. *)/static/favicon. ico; 16} 17 location =/robots.txt { 18 rewrite (. *)/static/robots.txt; 19} 20 location /{ 21 proxy_pass_header Server; 22 proxy_set_header Host $ http_host; 23 proxy_redirect off; 24 proxy_set_header X-Real-IP $ remote_addr; 25 proxy_set_header X-Scheme $ scheme; 26 proxy_pass http://www.111cn.net; 27} 28}

This is the configuration file of my blog. I have nothing to say. Use Nginx for reverse proxy. If only this Server is used, the access IP address or other domain names bound with this IP address will also directly access this blog. Now you only need one Default Server, as shown below:

The code is as follows:	Copy code
1 server { 2 listen 80 default_server; 3 server_name _; 4 5 location /{ 6 root/home/www; 7 index index.html index.htm; 8} 9}

In this way, resources in/home/www will be accessed through IP addresses or other unspecified domain names. Of course, you can directly report an error.