Home > Article > Operation and Maintenance > How to prevent Nginx from being maliciously parsed by domain names

How to prevent Nginx from being maliciously parsed by domain names

WBOYforward: 2023-05-16 09:46:101185browse

Mainly due to the lack of the following configuration code: nginx version 1.8.0

server {
  listen    80 default_server;
  server_name _;
  return    403;
}

Let all unconfigured server_name return 403 error

I have never added this configuration to nginx before , but I have never encountered such a problem before, and I tested it on another server. Even without this code, it is impossible to parse and request successfully. I am very speechless.

Supplement:

After searching around, I found that nginx should use its own unique 444 status code for this kind of problem. It is best

server {
  listen    80 default_server;
  server_name _;
  access_log  off;
  return    444;
}

This way on the browser side When accessing, the browser will automatically prompt the user that the user cannot access

How to prevent Nginx from being maliciously parsed by domain names

The results captured through curl (the output is http error message)

How to prevent Nginx from being maliciously parsed by domain names

The above is the detailed content of How to prevent Nginx from being maliciously parsed by domain names. For more information, please follow other related articles on the PHP Chinese website!

Statement：

This article is reproduced at:yisu.com. If there is any infringement, please contact admin@php.cn delete

Previous article：How to install Nginx server on UbuntuNext article：How to install Nginx server on Ubuntu

See more

How to prevent Nginx from being maliciously parsed by domain names

Related articles