
Our application is running on an NGINX server, and its logic decides which database to use according to the host.

For the last few days, one of our customers has been overriding the Host, User-Agent and other headers, so NGINX is unable to get the exact header details and our application gets confused.

GET /api/http.php” _ 200 24 “-” “-” “-” “_” “-” to: 10.0.0.48:8080: 0.014 request_time 0.153

Normally we get

 /index.php HTTP/1.1” vtermination.com 302 5 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36” “-” “_” “-” to: 10.0.0.27:8080: 0.004 request_time 0.347

Is it possible that NGINX will not replace headers like Host and User-Agent?

1 Answer


The header variables are set by the HTTP client connecting to your server.

nginx does not override those headers in any way, so your application has to be prepared to get arbitrary values from those headers.

However, if your only concern is the HTTP Host header, then you can restrict what requests nginx will pass up to your application.

The configuration should look something like this:

server {
    listen 443 ssl;
    listen 80;
    server_name example.com;

    # ... rest of application and SSL configuration ...
}

server {
    listen 443 ssl default_server;
    listen 80 default_server;

    # ... SSL configuration with self-signed keys ...

    return 404;
}

The server_name in the first configuration block makes nginx send requests to that block only when the Host header is example.com. You need to put your own domain(s) on that line.

The second server block is used for all other values of the Host header, and for all requests without a Host header. In this case, we simply respond with HTTP status code 404 to every request.

Tero Kilkanen
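The answer's point that the application must be prepared for arbitrary header values, shown as an added example (not code from the original answer or the asker's application): an application-side allowlist that maps a validated Host value to a database and rejects everything else. It is written in Python for illustration; the hostnames, database names and function names are assumptions.

```python
import re

# Constructed tenant map; host and database names are assumptions.
TENANT_DATABASES = {
    "example.com": "db_example",
    "www.example.com": "db_example",
}

# One DNS label: letters, digits, inner hyphens, at most 63 characters.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
# Hostname, optional trailing dot, optional :port.
_HOST_RE = re.compile(rf"({_LABEL}(?:\.{_LABEL})*)\.?(?::[0-9]{{1,5}})?")


class UnknownHost(Exception):
    """The Host header does not name a configured tenant."""


def normalize_host(raw):
    """Return the bare lower-case hostname, or None if missing or malformed."""
    if not raw:
        return None
    # fullmatch rejects embedded CR/LF, underscores, spaces and other junk.
    match = _HOST_RE.fullmatch(raw.strip(" \t").lower())
    if match is None or len(match.group(1)) > 253:
        return None
    return match.group(1)


def database_for_host(raw_host):
    """Map a client-supplied Host value to a database by exact allowlist lookup."""
    host = normalize_host(raw_host)
    if host not in TENANT_DATABASES:
        # Caller should answer 400/404; never fall back to a default database.
        raise UnknownHost(repr(raw_host))
    return TENANT_DATABASES[host]


if __name__ == "__main__":
    # Constructed sample Host values, including the "_" and "-" seen in the log.
    for value in ["example.com", "Example.COM:443", "_", "-", None, "evil.test"]:
        try:
            print(repr(value), "->", database_for_host(value))
        except UnknownHost:
            print(repr(value), "-> rejected")
```

Because the lookup is an exact match against a fixed map, a Host value that merely contains or ends with a known domain is rejected rather than routed to a tenant database.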