Welcome! Log In Create A New Profile

Advanced

How to block invalid hosts

Posted by 5starkarma 
How to block invalid hosts
May 22, 2022 12:39PM
I am getting spammed by bots getting past nginx. I need to stop these bots at Nginx. The emails I get are Django logs which say "Invalid host header". My Nginx.conf file looks like this:

```
upstream backend_server {
server backend:8000;
}

upstream backend_asgi {
server backend_asgi:8001;
}

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name .example.com;
return 444;

location /.well-known/acme-challenge/ {
root /var/www/certbot;
}

location ~* ^/(api|admin|static|v2) {
return 301 https://$host$request_uri;
}

location / {
return 301 https://$host$request_uri;
}
}

server {
listen 443 default_server ssl;
listen [::]:443 default_server ssl;
server_name .example.com;

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

location /ws/ {
proxy_pass http://backend_asgi;

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}

location ~ ^/v2(?:/(.*))?$ {
root /usr/share/nginx/html;
index index.html;
try_files $uri $uri/ /v2/index.html =404;
}

location /backend_static/ {
alias /backend/assets/;
}

location /media/ {
alias /backend/media/;
}

location ~* ^/(api|admin) {
proxy_pass http://backend_server$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $https;
proxy_connect_timeout 360s;
proxy_read_timeout 360s;
}

}
```
If I put `return 444` in the ssl server block it blocks all traffic. How can I block all request which are not to my domain?



Edited 1 time(s). Last edit at 05/22/2022 12:40PM by 5starkarma.
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 235
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready