Home > Article > Backend Development > Nginx prohibits direct use of IP or unbound domain names to access the web server
Today, we will set up Nginx to prohibit access to the server through IP. It can only be accessed through domain name. This is to prevent others from parsing unregistered domain names to their own server IP and causing the server to be disconnected. I found the following solution from the Internet Solution:
Nginx’s default virtual host takes effect when the user accesses through IP or accesses through an unset domain name (for example, someone points his own domain name to your IP). The most critical point is that in the server Add this line in the settings:
listen 80 default; #The default parameter after # indicates that this is the default virtual host.
This setting is very useful.
For example, when someone accesses your website through IP or unknown domain name, and you want to prevent any valid content from being displayed, you can return 500 to him.
Currently, many computer rooms in China require website owners to turn off empty host headers to prevent unregistered domain names from pointing to them. Create trouble. You can set it like this:
server {
listen 80 default;
return 500;
}
You can also collect this traffic and import it to your own website. Just make the following jump settings:
server {
listen 80 default;
rewrite ^(.*) http://www.linuxidc.com permanent;
}
============================== ===
After setting up as above, it is true that the server cannot be accessed through IP, but when the server_name is followed by multiple domain names, one of the domain names cannot be accessed:
The settings are as follows:
server
{
listen 80;
server_name www.linuxidc.com linuxidc.com
Before changing, the server can be accessed through www.linuxidc.com and linuxidc.com in server_name. After adding the setting to prohibit IP access, the server cannot be accessed through linuxidc.com. Now, www.linuxidc.com can be accessed
Using nginx -t to detect the configuration file will prompt warning:
[warn]: conflicting server name “linuxidc.com” on 0.0.0.0:80, ignored
the configuration file /usr /local/webserver/nginx/conf/nginx.conf syntax is ok
configuration file /usr/local/webserver/nginx/conf/nginx.conf test is successful
Finally, add server_name _ after listen 80 default;; The solution is as follows:
#Block IP access
server
{
listen 80 default;
server_name _;
server_name www.linuxidc.com linuxidc.com
return 500;
}
or
server {
listen 80 dufault;
server_name _;
server_name www.linuxidc.com linuxidc.com
rewrite ^(.*) http://www.linuxidc.net permanent;
}
In this way, through linuxidc.com I can access the server and the problem is solved, but the specific cause is still unclear.
nginx forwarding:
The first situation: accessing site A is directed to site B
server {
server_name www.linuxidc.net;
rewrite ^(.*) http://www.linuxidc.com$1 permanent;
}
Second case: Not all visits to site A are redirected to the specified page
server {
server_name www.linuxidc.net;
if ($host != 'linuxidc.net' ) {
rewrite ^/(.* )$ http://www.linuxidc.com/$1 permanent;
}
}
If written in the first server segment
It will also be redirected when accessed using IP
But there is still a problem with this , I need to use IP to access some special addresses, and others are prohibited. How to configure it? For example, I want Monitoring Treasure to directly access the nginx status information of my machine using IP, and all other requests accessed using IP will be redirected to the domain name.
This way we achieve the function we want.
The above introduces Nginx’s prohibition on directly using IP or unbound domain names to access the web server, including the relevant content. I hope it will be helpful to friends who are interested in PHP tutorials.