How to Block Other Domain Access to Your Nginx Web Server
By default, Nginx does not reject requests that are made directly to your server's IP address or with a domain name you do not serve. This means that anyone can potentially access your server's resources. Here is how you can fix this issue.
Prerequisites
An Nginx web server installed and running.
SSH access to the server and familiarity with basic Linux commands.
Open the Nginx Configuration File
Open your Nginx configuration file using a text editor. Typically, the file is located in /etc/nginx/sites-available/. You can use the command nano filename to edit the file.
Modify the Configuration
Step 1: Your default_server should close all connections
Modify your Nginx default configuration, /etc/nginx/sites-available/default.conf:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name "";
    return 444; # connection closed without response
}
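This change closes the connection without sending a response whenever Nginx receives a request on port 80 without a domain name. Because the block is marked default_server, it also handles requests whose domain name matches no other server block. It covers port 80 only; HTTPS listeners on port 443 need their own default_server.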
Step 2: Your virtual host should check the server name and close unwanted connections
Modify your virtual host file, /etc/nginx/sites-available/example.com:
server {
    ...
    # Only allow access if the host is correct
    # Block other domain access
    if ($host !~* ^(example\.com|www\.example\.com)$) {
        return 403;
    }
    ...
}
This rejects the request with a 403 Forbidden response if it reaches this virtual host with an unexpected domain in the Host header.
Reload nginx and test the results
Test the Nginx configuration for any syntax errors:
sudo nginx -t
If the configuration test is successful, restart Nginx:
sudo service nginx restart
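To test the results from another machine, the following script sends requests with different Host headers and checks that unwanted ones are closed (step 1) or answered with 403 (step 2). It is an added example, not part of the original article; the function names and the .invalid test hostnames are made up for illustration, and it assumes the site answers over plain HTTP on port 80.

```shell
#!/bin/sh
# Added example: check the Host rules from outside the server.
# Usage: sh check_host_block.sh <server-ip> <allowed-domain>
# Assumption: plain HTTP on port 80, as in the configuration above.

# interpret CURL_EXIT HTTP_CODE -> "closed", an HTTP status, or "error:N"
interpret() {
    case "$1" in
        0)  echo "$2" ;;        # nginx sent a response (200, 301, 403, ...)
        52) echo "closed" ;;    # curl "empty reply": what return 444 produces
        *)  echo "error:$1" ;;  # timeout, connection refused, etc.
    esac
}

# probe IP HOST -> request / on IP with the given Host header
probe() (
    code=$(curl -s -o /dev/null -m 5 -w '%{http_code}' -H "Host: $2" "http://$1/")
    interpret "$?" "$code"
)

# verdict KIND RESULT -> PASS or FAIL; KIND is "blocked" or "served"
verdict() {
    case "$1:$2" in
        blocked:closed|blocked:403) echo PASS ;;  # 444 (step 1) or 403 (step 2)
        blocked:*)                  echo FAIL ;;
        served:closed|served:403|served:error:*) echo FAIL ;;
        served:*)                   echo PASS ;;
    esac
}

run_checks() {
    ip=$1; domain=$2; failed=0
    # Constructed test hosts: the bare IP, an unrelated name, a look-alike suffix.
    for h in "$ip" "unrelated.invalid" "$domain.unrelated.invalid"; do
        r=$(probe "$ip" "$h"); v=$(verdict blocked "$r")
        echo "$v  Host: $h -> $r"; [ "$v" = PASS ] || failed=1
    done
    r=$(probe "$ip" "$domain"); v=$(verdict served "$r")
    echo "$v  Host: $domain -> $r"; [ "$v" = PASS ] || failed=1
    return "$failed"
}

# Run only when both arguments are given.
if [ "$#" -ge 2 ]; then run_checks "$1" "$2"; fi
```

A result of error:N means curl could not complete the request at all (for example a timeout or a refused connection), which is different from Nginx closing the connection.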
Done.