Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
2
2
210mev2021-01-22 00:14:06
Nginx
210mev, 2021-01-22 00:14:06

How to allow requests from only one domain in nginx?

Good time of the day.

Such a question, more about protecting the API in general, probably.
The server itself: Nginx -> pm2 -> NodeJS.
The API will only receive POST and GET requests from a few specific domains. IP cannot be guaranteed that they will always have the same ones. How can the API be protected in this case? Enable CORS only for these domains? Or is there something else that needs to be done?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
I
Ivan Shumov, 2021-01-22
@210mev

No way. Any set of headers can be faked without even going to the site) HTTP protocol is open and controlled with two fingers

Report
K
ky0, 2021-01-22
@ky0

If access is expected only from certain places - any form of authorization will do, the same tokens. If the set of sites is small and does not change very often, you can simply cover up by IP and periodically update their list.

Similar questions
E
exxagw2016-06-22 16:47:52
How to redirect to nginx? 1Reply
A
atawerrus2018-11-21 08:40:31
Nginx redirect requests? 1Reply
D
Dmitry2016-06-24 10:06:45
NGINX - how to make a big blacklist? 1Reply
U
UntitledNikname2020-09-26 11:48:20
Why can't I get POST parameters? 0Reply
S
Sergey Sashkin2018-11-24 20:58:54
How are services discovered by web servers? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question