Disable Direct IP Access in Nginx (HTTP & HTTPS) .

ByPieter Bakker

If you use nginx for shared hosting and thus work with server blocks (virtual hosts) it is best to block access to the web server through the server ip address both with “http” and “https”. With the solution we propose here we also prevent that domains that have an A record and thus point to the server but for which no server block has been created yet are also rejected. This also prevents a random SSL certificate from being used for virtual host for which no https was set up in the server block.

Move the nginx “default.conf” file to save as back-up.

# mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig

Create a new “default.conf” file.

# vi /etc/nginx/conf.d/default.conf

Add following code:

server {
    listen   80 default_server;
    listen [::]:80 default_server;
    listen 443 default_server ssl;
    listen [::]:443 default_server ssl;

    ssl_reject_handshake on;

    server_name _;

    return 444;
}

Check the configuration.

# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

And restart nginx.

# systemctl restart nginx

Similar Posts

|

Error 413 on large file uploads with Nextcloud behind Nginx reverse proxy.

ByPieter Bakker

If you are running Nextcloud behind a Nginx proxy server, you will need to change the maximum file size for uploads which by default is only 1MB on Nginx. You can use the “client_max_body_size” directive to set the required file size for uploading. This directive can be set in the http, server or location context….