Nginx
210mev, 2021-01-22 00:14:06

How to allow requests from only one domain in nginx?

Good time of the day.

This question is probably more about protecting the API in general.
The server itself: Nginx -> pm2 -> NodeJS.
The API will only receive POST and GET requests from a few specific domains. It cannot be guaranteed that they will always have the same IPs. How can the API be protected in this case? Enable CORS only for these domains? Or is there something else that needs to be done?


2 answer(s)
Ivan Shumov, 2021-01-22
@210mev

No way. Any set of headers can be faked without even going to the site) The HTTP protocol is open and can be controlled with two fingers.

ky0, 2021-01-22
@ky0

If access is expected only from certain places, any form of authorization will do, for example tokens. If the set of sites is small and does not change very often, you can simply restrict access by IP and periodically update the list.
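The token approach from the answers above, as an added example that is not part of the original thread: a Node.js handler that ignores the forgeable `Origin` header and authenticates each caller by a per-site bearer token. It assumes the callers are the partner sites' servers (not browser JavaScript, where the token would be visible); the client ids, token values and the `id.token` header layout are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Constructed sample data: one secret per partner site. Only SHA-256 digests
// are kept, so a leaked config file does not reveal usable tokens.
const CLIENTS = new Map([
  ['partner-a', sha256('constructed-token-for-partner-a')],
  ['partner-b', sha256('constructed-token-for-partner-b')],
]);

// Returns the client id for a valid "Authorization: Bearer <id>.<token>"
// header, otherwise null. Origin/Referer are never consulted: any HTTP
// client can set them to arbitrary values.
function authenticate(headers) {
  // Node's http module lowercases incoming header names.
  const m = /^Bearer ([\w-]+)\.([\w-]+)$/.exec(headers['authorization'] || '');
  if (!m) return null;
  const expected = CLIENTS.get(m[1]);
  if (!expected) return null;
  // Both buffers are 32-byte digests, so the constant-time compare is valid.
  return crypto.timingSafeEqual(sha256(m[2]), expected) ? m[1] : null;
}

// Request handler, usable as http.createServer(handle) behind nginx.
function handle(req, res) {
  const client = authenticate(req.headers);
  if (!client) {
    res.writeHead(401, { 'WWW-Authenticate': 'Bearer' });
    return res.end();
  }
  res.writeHead(200, { 'Content-Type': 'application/json' });
  res.end(JSON.stringify({ client }));
}
```

Because identity comes from the secret rather than from the source address, a partner changing IPs does not break access, and revoking one site means deleting one map entry.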
