How to stop others from pointing their domain names at your Nginx website - the road to building dreams

Why would someone do this?

  • Domain transfer: when someone moves a domain name from one hosting provider to another, they may temporarily point it at your website so that it stays reachable while the transfer is in progress.

  • Attack: a malicious user may point a domain name they control at your website and use it for phishing, fraud or other abuse aimed at your users.

  • Testing: some people point their domain name at your website simply to check that DNS resolution and related settings are working.

How is it done?

Someone points their domain name at your website by editing the DNS records at their DNS provider: either an A (or AAAA) record containing your server's IP address, or a CNAME record whose target is your hostname (a CNAME is an alias, not a redirect). Either way the request reaches your server carrying their domain name in the Host header and, for HTTPS, in the TLS SNI extension, which is what your server can check.

How to defend?

  • IP filtering: configure the server to accept connections only from specific client IP addresses. This limits who can reach the site regardless of which domain name they used, but it only suits a site with a known audience (an intranet or a VPN), and it does nothing to stop the DNS change itself: whoever points a domain name at your server already knows its IP address.

  • Domain name verification: allow only domain names on a whitelist. The check compares the Host header of each request with the predefined list of allowed names; requests for any other name get an error page or a redirect. In nginx this is exactly what server_name does: list the allowed names in server_name and let everything else fall through to a default server.

  • TLS certificate: serve the site over HTTPS with a certificate issued for your own domain names. A browser that reaches the server under somebody else's name receives a certificate that does not match and shows a certificate error warning to the user. This verification is done by the browser, not by a server setting, and it does not cover plain HTTP, so combine it with a default server.

  • Restricting access: use authentication, access control lists or other access control mechanisms so that only authenticated or authorized users can use the site. Even if someone points a domain name at the server, unauthorized visitors get nothing useful.

  • Default server settings: configure a default server block on every listening port (80 and 443) to handle requests whose Host matches no server_name. If someone points an unknown domain name at your server, you choose what those requests get: an error, a closed connection, or a redirect to your canonical name.

Configuration example


# IP filtering: only the listed client addresses may reach the site
# (this restricts who can connect, not which hostname they used)
server {
    listen 80;
    server_name yourdomain.com;
    location / {
        allow 192.168.1.100;  # allow this specific client IP address
        deny all;             # reject every other client IP address
    }
}

# Domain name verification: reject requests whose Host does not match.
# $host is the hostname from the request, lowercased, with any port removed.
# ("if ... return" is the one form of "if" that is safe in nginx; the more
# idiomatic way is an exact server_name plus a default_server catch-all.)
server {
    listen 80;
    server_name yourdomain.com;
    if ($host !~* ^(yourdomain\.com)$) {
        return 403;  # deny access
    }
    # other configuration items...
}

# TLS certificate: the certificate is issued for yourdomain.com only, so a
# browser that reaches this server under another name sees a mismatch warning
server {
    listen 443 ssl;
    server_name yourdomain.com;
    ssl_certificate /path/to/your/certificate.crt;
    ssl_certificate_key /path/to/your/private.key;
    # other configuration items...
}

# Restricting access: HTTP basic authentication on the whole site
server {
    listen 80;
    server_name yourdomain.com;
    location / {
        auth_basic "Restricted";
        auth_basic_user_file /path/to/your/.htpasswd;
        # other configuration items...
    }
}

# Default server: catches every request whose Host matches no server_name
server {
    listen 80 default_server;
    server_name _;
    return 403;  # deny access for unknown domain names
}
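The fragments above each show one technique on its own and only cover port 80; a stranger's domain name pointed at the HTTPS port would still be answered with the first ssl server block's certificate. What follows is an added example, not code from the original post, of one complete nginx.conf that combines the domain name verification and default server items for both HTTP and HTTPS. example.com, the certificate paths and the 127.0.0.1:8080 upstream are placeholders. It relies on ssl_reject_handshake, available since nginx 1.19.4, so the catch-all HTTPS server needs no certificate at all.

```nginx
# Added example (not from the original post). Placeholders: example.com,
# the certificate paths and the upstream address.
events {
    worker_connections 1024;
}

http {
    # Catch-all for plain HTTP: any Host that no other server block claims
    # (a bare IP, or a stranger's domain pointed at this box) lands here.
    # 444 closes the connection without sending a response.
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 444;
    }

    # Catch-all for HTTPS: reject the TLS handshake (unrecognized_name alert)
    # instead of presenting the real site's certificate under the wrong name.
    # Needs nginx >= 1.19.4; on older versions install a self-signed
    # placeholder certificate here and return 444.
    server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        server_name _;
        ssl_reject_handshake on;
    }

    # Redirect the legitimate names from HTTP to HTTPS. server_name selects
    # this block, so $host here is always one of the listed names.
    server {
        listen 80;
        listen [::]:80;
        server_name example.com www.example.com;
        return 301 https://$host$request_uri;
    }

    # The real site: only exact matches on these names are routed here
    # (nginx compares case-insensitively and strips any port first).
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name example.com www.example.com;

        ssl_certificate     /etc/nginx/tls/example.com.fullchain.pem;  # placeholder path
        ssl_certificate_key /etc/nginx/tls/example.com.key;            # placeholder path

        # Keep returning browsers on HTTPS for this name.
        add_header Strict-Transport-Security "max-age=31536000" always;

        location / {
            proxy_pass http://127.0.0.1:8080;   # placeholder upstream
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```

Check the file with `nginx -t -c /path/to/this.conf`, then test from another host. `curl -sv --resolve stranger.example:443:SERVER_IP https://stranger.example/` should fail during the TLS handshake, `curl -sv -H 'Host: stranger.example' http://SERVER_IP/` should get an empty reply (the 444), and only requests for example.com or www.example.com should reach the upstream. Because server_name does the matching, the client-controlled Host header never selects the real site unless it is one of the listed names, so no `if ($host ...)` check is needed. The DNS record itself is out of your hands; what this configuration controls is that nothing of yours is served under a name you did not list.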


Origin blog.csdn.net/qq_34777982/article/details/131701547