February 28, 2020 05:00AM
On Fri, Feb 28, 2020 at 2:29 PM Reinis Rozitis <r@roze.lv> wrote:

> > So either place it as first or add listen 443 default_server;
>
> By first I mean the "catch all" server { server_name _; .. } block.
>
> rr
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


Hi Reinis,

I did follow your steps. My nginx.conf file is
https://paste.centos.org/view/ae22889e. When I run the curl call, I am still
receiving an HTTP 200 OK response instead of HTTP 444 (No Response), as per the
output below.

# curl --verbose --header 'Host: www.example.com' https://developer-nonprod.example.com
> GET / HTTP/1.1
> Host: www.example.com
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Powered-By: PHP/7.2.27
< Cache-Control: must-revalidate, no-cache, private
< Date: Fri, 28 Feb 2020 07:02:00 GMT
< X-Drupal-Dynamic-Cache: MISS
< X-UA-Compatible: IE=edge
< Content-language: en
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Expires: Sun, 19 Nov 1978 05:00:00 GMT
< Vary:
< X-Generator: Drupal 8 (https://www.drupal.org)
< X-Drupal-Cache: MISS
<


# curl --verbose --header 'Host: www.evil.com' https://developer-nonprod.example.com
> GET / HTTP/1.1
> Host: www.evil.com
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Powered-By: PHP/7.2.27
< Cache-Control: must-revalidate, no-cache, private
< Date: Fri, 28 Feb 2020 06:59:41 GMT
< X-Drupal-Dynamic-Cache: MISS
< X-UA-Compatible: IE=edge
< Content-language: en
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Expires: Sun, 19 Nov 1978 05:00:00 GMT
< Vary:
< X-Generator: Drupal 8 (https://www.drupal.org)
< X-Drupal-Cache: MISS
<


Thanks once again for all your help and I look forward to hearing from you.

Best Regards,

Kaushal
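
Added example, not part of the original post and not nginx code: a simplified Python model of how nginx chooses a server block for one listen address:port, showing why the quoted advice (put the catch-all block first, or mark it default_server) decides where an unmatched Host header lands. The Server class, its labels and its action field are hypothetical; regex server_names are left out.

```python
# Added example: simplified model of nginx server selection on ONE listen socket.
# Regex server_names are omitted; the class and field names are hypothetical.
from dataclasses import dataclass

@dataclass
class Server:
    label: str                 # hypothetical label used for reporting
    names: tuple               # server_name values of the block
    default: bool = False      # True when "listen ... default_server" is set
    action: str = "site"       # "site" serves content, "444" closes the connection


def _wildcard_len(name, host):
    """Length of a wildcard name that matches host, or 0 when it does not match."""
    if name.startswith("*.") and host.endswith(name[1:]):
        return len(name)
    if name.endswith(".*") and host.startswith(name[:-1]):
        return len(name)
    return 0


def select_server(servers, host):
    """Return the block that handles `host` among blocks sharing a listen socket."""
    host = host.split(":")[0].rstrip(".").lower()
    for s in servers:                        # 1. an exact name wins
        if host in s.names:
            return s
    for leading in (True, False):            # 2. longest "*.x", then longest "x.*"
        best = max(((_wildcard_len(n, host), s) for s in servers for n in s.names
                    if n.startswith("*.") == leading),
                   key=lambda t: t[0], default=(0, None))
        if best[0]:
            return best[1]
    # 3. nothing matched: the explicit default_server, else the first block defined
    return next((s for s in servers if s.default), servers[0])


def unknown_host_exposed(servers, probe="unknown-host.invalid"):
    """True when a Host matching no server_name still reaches a site block."""
    return select_server(servers, probe).action != "444"


# Constructed sample blocks using the hostnames from the post above.
SITE = Server("site", ("developer-nonprod.example.com",))
CATCH_ALL = Server("catch-all", ("_",), action="444")
```

The model covers a single listen address:port, so a catch-all that is the default only on port 80 says nothing about port 443; each socket has to be checked separately.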
Subject Author Posted

Prevent Arbitary HTTP Host header in nginx

kaushalshriyan February 27, 2020 01:36PM
