Nginx protection against malicious domain name resolution
Today was awful. I found that port 80 of the server could not be reached through the IP address, which left me speechless. It was fine yesterday, and I had not modified the configuration. Other ports were normal, and the firewall was fine. So I asked the data center, and their reply floored me: our server had a domain name that was not filed for record, and it had been reported repeatedly by China Telecom. So they closed the port on our IP ... Blocked ... Crazy. The key point is that this damn domain name is not mine.
After some digging, I found that the Nginx configuration seems to have a hole: any domain name that resolves to the server gets its requests served normally. The page is blank, but the HTTP status code is 200.
The following configuration code was missing (nginx version 1.8.0):
server { listen 80 default_server; server_name _; return 403;}
This returns a 403 error for every server_name that is not configured.
I had never added this configuration to Nginx before and had never encountered this kind of problem, and I tested it on another server: even without this code, such a domain cannot be resolved and requested successfully there. I am speechless.
Supplement:
After searching on this kind of problem, I found that Nginx's own unique 444 status code should be used.
server { listen 80 default_server; server_name _; access_log off; return 444;}
This way, when the site is accessed from a browser, the browser automatically reports that it cannot be reached.
Results captured through curl (HTTP error messages are output):
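The same check can be scripted so it is repeatable after every configuration change. The following is an added example, not code from the original post: it sends a request carrying a Host name the server does not host and reports whether that request was refused. The loopback stand-in server, the names `www.example.com` and `not-configured.invalid`, and all function names are assumptions made for the illustration.

```python
import socket
import threading

ALLOWED = {"www.example.com"}  # constructed: the one name the stand-in accepts

def _serve(listener, reject_unknown):
    """Local stand-in for the web server (not Nginx itself)."""
    while True:
        conn, _ = listener.accept()
        with conn:
            data = b""
            while b"\r\n\r\n" not in data:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
            host = ""
            for line in data.decode("latin-1").split("\r\n")[1:]:
                if line.lower().startswith("host:"):
                    host = line.split(":", 1)[1].strip()
            if reject_unknown and host not in ALLOWED:
                continue  # close with no reply, the way `return 444` does
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")

def start_stub(reject_unknown):
    """Start a stand-in on a free loopback port and return that port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    threading.Thread(target=_serve, args=(listener, reject_unknown),
                     daemon=True).start()
    return listener.getsockname()[1]

def probe(ip, port, host_header, timeout=3.0):
    """HTTP status for a request sent to ip:port with this Host header,
    or None if the server closed the connection without replying."""
    request = f"GET / HTTP/1.1\r\nHost: {host_header}\r\nConnection: close\r\n\r\n"
    try:
        with socket.create_connection((ip, port), timeout=timeout) as s:
            s.sendall(request.encode("ascii"))
            reply = s.recv(4096)
    except (ConnectionResetError, socket.timeout):
        return None
    return int(reply.split(b" ", 2)[1]) if reply else None

def rejects_unknown_names(ip, port, unknown="not-configured.invalid"):
    """True if a name the server does not host gets an error or no reply."""
    status = probe(ip, port, unknown)
    return status is None or status >= 400
```

Pointing `rejects_unknown_names` at your own server's IP and port 80 gives `False` when any domain resolving to that IP is still answered with 200.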