Nginx configuration to prevent malicious domain name resolution

Why prohibit access by IP address? It prevents someone else from resolving an unregistered domain name to your server's IP address, which can lead to your server being disconnected from the network. Banning IP access prevents this.

The technical reason is that if the site allows direct IP access, a malicious unregistered domain name that points at your IP can reach your site even though it is not configured in Nginx.

When the relevant departments run their checks, they will conclude that you are providing hosting for a domain name that has not been registered, and the consequence is that your IP is blocked. Therefore, you need to disable IP access and only allow access through the server_name of the server blocks that you configured yourself. Then, even if an unregistered domain name is bound to your IP, it cannot be used to visit your website.

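  1. First, edit the Nginx configuration file nginx.conf and add a server block. The first line, listen 80 default, disables IP access by making this block the default server for port 80; the second line returns a 500 error when the request arrives by IP address or by a domain name that Nginx does not resolve to any server_name.
server {
    # Default server for port 80: catches requests whose Host matches no server_name
    # ("default" is the older spelling of default_server)
    listen 80 default;
    # Answer such requests with a 500 error
    return 500;
}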
  2. If you would rather divert IP access and unresolved-domain access to your own domain name, which brings in some additional traffic, configure the following instead:
server {
    listen 80 default;
    # Permanent (301) redirect of every such request to your own domain
    rewrite ^(.*) http://www.yunxr.top/ permanent;
}

With this configuration, a request to the IP address is redirected to the specified domain name.
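
One way to check that either configuration behaves as described, as an added example that is not part of the original article: send requests with different Host headers to the same address and compare the status codes. The local stub server and the names www.example.test and unfiled-domain.test are constructed so the check runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

SERVED = {"www.example.test"}  # constructed stand-in for your server_name values

class StubServer(BaseHTTPRequestHandler):
    """Local stand-in for the 'return 500' config: known Host -> 200, else 500."""
    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        self.send_response(200 if host in SERVED else 500)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # silence per-request logging
        pass

def probe(addr, port, host_header, timeout=5):
    """GET / on addr:port with an explicit Host header; return the status code."""
    conn = http.client.HTTPConnection(addr, port, timeout=timeout)
    try:
        conn.putrequest("GET", "/", skip_host=True)
        conn.putheader("Host", host_header)
        conn.endheaders()
        return conn.getresponse().status
    finally:
        conn.close()

def audit(addr, port, served, foreign, reject_status=500):
    """Map each Host value to True when the server treats it as intended."""
    result = {}
    for name in served:            # configured names must not be rejected
        result[name] = probe(addr, port, name) != reject_status
    for name in [*foreign, addr]:  # other names and the bare IP must be rejected
        result[name] = probe(addr, port, name) == reject_status
    return result

def demo():
    """Run the audit against the local stub on an ephemeral port."""
    srv = HTTPServer(("127.0.0.1", 0), StubServer)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return audit("127.0.0.1", srv.server_port, SERVED, ["unfiled-domain.test"])
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    for host, ok in demo().items():
        print(f"{host:22} {'OK' if ok else 'MISCONFIGURED'}")
```

Against your own server, call audit() with its address, its server_name values and a few names it should not serve; pass reject_status=301 when the redirect variant is in use.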