How to prevent Nginx from being maliciously resolved by domain names-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

How to prevent Nginx from being maliciously resolved by domain names

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 29, 2016 am 09:09 AM

addclassnamenginxserver

Today I was so unlucky. I found that port 80 of the server could not be accessed through IP. I was speechless. Yesterday, it was fine. I had not modified the configuration. Other ports were normal, and there was no problem with the firewall. So I asked the computer room and gave a crashing reply saying that our server had a domain name that was not registered and was notified many times by China Telecom, and then our IP port was blocked. . . . It's closed. . . Crazy, the key is that this domain name TMD is not mine

After some tossing, I found that there seems to be a loophole in the nginx configuration, which causes any domain name resolved to the server to be requested normally. Although it is a blank page, the HTTP status code It's 200.

Mainly due to the lack of the following configuration code: nginx version 1.8.0

<code><span>server</span> {
    listen       <span>80</span>  default_server;
    server_name  _;
    <span>return</span><span>403</span>;
}</code>

causes all unconfigured server_name to return a 403 error

I have never added this configuration to Nginx before, but I have never encountered this again. Such problem, and I tested it on another server. Even without this code, it is impossible to parse and request successfully. I am very speechless.

Supplement:

After searching around, I found that Nginx should use its own unique 444 status code for this kind of problem. It seems best

<code><span>server</span> {
    listen       <span>80</span>  default_server;
    server_name  _;
    access_log   off;
    <span>return</span><span>444</span>;
}</code>

In this way, when accessing on the browser side, the browser will automatically prompt the user that it cannot be accessed

Nginx 防止被域名恶意解析的方法

The results captured through CURL (the output is HTTP error message)

Nginx 防止被域名恶意解析的方法

').addClass('pre-numbering').hide(); $(this).addClass('has-numbering').parent().append($numbering); for (i = 1; i ').text(i)); }; $numbering.fadeIn(1700); }); });

The above introduces Nginx’s method to prevent malicious domain name resolution, including the relevant aspects. I hope it will be helpful to friends who are interested in PHP tutorials.

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

内存飙升！记一次nginx拦截爬虫Mar 30, 2023 pm 04:35 PM

本篇文章给大家带来了关于nginx的相关知识，其中主要介绍了nginx拦截爬虫相关的，感兴趣的朋友下面一起来看一下吧，希望对大家有帮助。

如何安装、卸载、重置Windows服务器备份Mar 06, 2024 am 10:37 AM

WindowsServerBackup是WindowsServer操作系统自带的一个功能，旨在帮助用户保护重要数据和系统配置，并为中小型和企业级企业提供完整的备份和恢复解决方案。只有运行Server2022及更高版本的用户才能使用这一功能。在本文中，我们将介绍如何安装、卸载或重置WindowsServerBackup。如何重置Windows服务器备份如果您的服务器备份遇到问题，备份所需时间过长，或无法访问已存储的文件，那么您可以考虑重新设置WindowsServer备份设置。要重置Windows

nginx+rsync+inotify怎么配置实现负载均衡May 11, 2023 pm 03:37 PM

实验环境前端nginx：ip192.168.6.242，对后端的wordpress网站做反向代理实现复杂均衡后端nginx：ip192.168.6.36，192.168.6.205都部署wordpress，并使用相同的数据库1、在后端的两个wordpress上配置rsync+inotify，两服务器都开启rsync服务，并且通过inotify分别向对方同步数据下面配置192.168.6.205这台服务器vim/etc/rsyncd.confuid=nginxgid=nginxport=873ho

nginx php403错误怎么解决Nov 23, 2022 am 09:59 AM

nginx php403错误的解决办法：1、修改文件权限或开启selinux；2、修改php-fpm.conf，加入需要的文件扩展名；3、修改php.ini内容为“cgi.fix_pathinfo = 0”；4、重启php-fpm即可。

如何解决跨域？常见解决方案浅析Apr 25, 2023 pm 07:57 PM

跨域是开发中经常会遇到的一个场景，也是面试中经常会讨论的一个问题。掌握常见的跨域解决方案及其背后的原理，不仅可以提高我们的开发效率，还能在面试中表现的更加

nginx部署react刷新404怎么办Jan 03, 2023 pm 01:41 PM

nginx部署react刷新404的解决办法：1、修改Nginx配置为“server {listen 80;server_name https://www.xxx.com;location / {root xxx;index index.html index.htm;...}”；2、刷新路由，按当前路径去nginx加载页面即可。

nginx怎么禁止访问phpNov 22, 2022 am 09:52 AM

nginx禁止访问php的方法：1、配置nginx，禁止解析指定目录下的指定程序；2、将“location ~^/images/.*\.(php|php5|sh|pl|py)${deny all...}”语句放置在server标签内即可。

Windows Server 2025预览版迎来更新，微软改善Insiders测试体验Feb 19, 2024 pm 02:36 PM

在发布WindowsServer的build26040版本之际，微软公布了该产品的官方名称：WindowsServer2025。一同推出的，还有Windows11WindowsInsiderCanaryChannel版本的build26040。有些朋友可能还记得，多年前有人成功将WindowsNT从工作站模式转换为服务器模式，显示微软操作系统各版本之间的共性。尽管现在微软的服务器操作系统版本和Windows11之间有明显区别，但关注细节的人可能会好奇：为什么WindowsServer更新了品牌，

See all articles