Answer the question
In order to leave comments, you need to log in
D
D
Dmitry2021-07-27 08:58:43
Dmitry, 2021-07-27 08:58:43
Nginx, how to disable invalid subdomains?
Recently, entries began to appear in the logs:
[Django] ERROR (EXTERNAL IP): Invalid HTTP_HOST header: '_tcp.domain.name. The domain name provided is not valid according to RFC 1034/1035
It was decided to cut such invalid domains on nginx. Google found the following regex for validation: https://stackoverflow.com/a/7933253/13084502
In the nginx config I wrote:
map $host $host_valid {
"~^(?!.{256})(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+(?:[a-z]{1,63}|xn--[a-z0-9]{1,59})$" 1;
default 0;
}
server {
listen 443 ssl;
server_name ~^(\w+)\.domain.name$;
if ($host_valid = 0) {
return 444;
}
...
}It works on the test server. Because I don’t have enough experience in configuring nginx, so before pushing it to the worker I ask for advice: is this solution correct, are there any pitfalls? Confuses the presence of if. As I understand it, this is not welcome among professionals. Maybe there is a simpler and more elegant solution?
1 answer(s)
@ky0
K
ky0, 2021-07-27 @ky0
You don't need to cut anything on purpose, it's enough to configure default_server with a twist, which will not skip requests for hosts not listed in the settings.
upd. read your comment above - but it doesn't change anything. Add server_namewith a wildcard that will process any of your subdomains, and the rest will fight back.
Similar questions
L
D
L
R
K
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question