
I have a public IP where my site is hosted (VPS). I use Nginx in Docker and some backend, and I proxy the domain through Cloudflare to my public IP. Everything works fine, but I noticed that Nginx lets the site be reached by IP although I have server_name set in the Nginx config. This is not safe for me, so I am asking you.

nginx.conf

```nginx
server {
    listen 80;
    listen [::]:80;

    server_name example.com www.example.com;

    gzip on;
    gzip_disable "msie6";
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    location / {
        proxy_pass http://nodejs:3000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

I have a suspicion that the server_name directive inside docker simply does not work, am I right?

Dada
noNamich
  • Docker is irrelevant. If you're using a CDN/filter like Cloudflare, normally you should set your firewall to prevent any access to your system by anybody other than the CDN. But if you don't, [nginx by default uses the first (and here only) `server` block for requests without a valid name](https://stackoverflow.com/questions/9824328/why-is-nginx-responding-to-any-domain-name) which is on-topic [here](https://serverfault.com/questions/559095/nginx-responding-to-unknown-host-names) and [here](https://serverfault.com/questions/661953/how-can-i-block-requests-with-the-wrong-host-header-set) – dave_thompson_085 Dec 11 '21 at 21:15

1 Answer


You just need to add this fragment to the beginning of the code:

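```nginx
server {
  # Catch-all for requests whose Host header matches no server_name
  listen 80 default_server;
  listen [::]:80 default_server;  # the site's server block also listens on IPv6
  # 444 is nginx-specific: close the connection without sending a response
  return 444;
}
```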
noNamich
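The selection rule behind the comment and the answer above, as an added Python example that is not part of the original posts: a simplified model (exact `server_name` matches only, no wildcards or regexes) of how nginx picks a server block per listen address, showing that a catch-all declared only on `listen 80` leaves `[::]:80` falling through to the site. The labels `site` and `drop`, the helper names and the address `203.0.113.10` are constructed for illustration.

```python
# Added example: simplified model of how nginx picks a server block.
# Only exact server_name matches are modelled (no wildcards or regexes).

def server(label, listens, names=()):
    # listens maps a listen address to its default_server flag
    return {"label": label, "listen": listens, "names": set(names)}

def pick_server(servers, listen, host):
    """Label of the block that handles a request arriving on `listen`."""
    candidates = [s for s in servers if listen in s["listen"]]
    if not candidates:
        return None                      # nothing listens on this address
    for s in candidates:                 # 1. Host matches a server_name
        if host and host.lower() in s["names"]:
            return s["label"]
    for s in candidates:                 # 2. explicit default_server
        if s["listen"][listen]:
            return s["label"]
    return candidates[0]["label"]        # 3. first block in the file

# The site block from the question: two listen addresses, no default flag.
SITE = server("site", {"80": False, "[::]:80": False},
              ["example.com", "www.example.com"])

# Constructed configurations, in file order.
QUESTION = [SITE]                                        # no catch-all
V4_ONLY = [server("drop", {"80": True}), SITE]           # catch-all on IPv4 only
BOTH = [server("drop", {"80": True, "[::]:80": True}), SITE]

ORIGIN_IP = "203.0.113.10"   # constructed documentation address used as Host

def report():
    """(config, listen address, chosen block) for a request made by IP."""
    rows = []
    for name, conf in (("question", QUESTION), ("v4-only", V4_ONLY),
                       ("both", BOTH)):
        for listen in ("80", "[::]:80"):
            rows.append((name, listen, pick_server(conf, listen, ORIGIN_IP)))
    return rows

if __name__ == "__main__":
    for row in report():
        print("%-9s %-8s -> %s" % row)
```
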