Nginx - How to disable access (http and https) to a website using IP address
Quote from HeelpBook on February 9, 2021, 10:22 pmWhile configuring a Nginx web server there is the need to prevent the use of IP address to access it and let only the access to the website using FQDN/hostname. How to do that?
While configuring a Nginx web server there is the need to prevent the use of IP address to access it and let only the access to the website using FQDN/hostname. How to do that?
Quote from HeelpBook on February 9, 2021, 10:58 pmTo prevent/block direct access to a website using IP address the following steps/methods can be followed when using Nginx (in this case).
To disable/block direct access to IP for port 80 create a new or add to an existing (as required) server configurations as follows:
server {
listen 80 default_server;
server_name _;
return 404;
}Where _ catches all the domain names pointing to our server’s IP address and the configuration will block all traffic to our IP address (http://YOUR_IP_ADDRESS) by returning the default 404 Not Found Nginx page.
To disable/block direct access to IP for port 443 we use the following in the corresponding server configuration's block:
if ($host != "example.com") {
return 404;
}Example:
server {
listen 443 ssl;
server_name example.comssl_certificate /etc/nginx/ssl/example.com.crt;
ssl_certificate_key /etc/nginx/ssl/example.com.key;if ($host != "example.com") {
return 404;
}
}Alternatively, we can redirect directly the request, on port 80 and/or 443 (https) by using the following approaches:
server {
listen 80;
server_name IP_ADRESS;
return 301 http://YOUR.DOMAIN;
}server {
listen 443 ssl;
server_name IP_ADRESS;
return 301 https://YOUR.DOMAIN;
}An alternative mode to disable both port 80 and 443 ports then add below code is the following, in which we will use the HTTP Response 444 : Connection Closed Without Response as response:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name "";return 444;
}
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;server_name "";
ssl_certificate /etc/nginx/fullchain.crt;
ssl_certificate_key /etc/nginx/privkey.key;return 444;
}
To prevent/block direct access to a website using IP address the following steps/methods can be followed when using Nginx (in this case).
To disable/block direct access to IP for port 80 create a new or add to an existing (as required) server configurations as follows:
server {
listen 80 default_server;
server_name _;
return 404;
}
Where _ catches all the domain names pointing to our server’s IP address and the configuration will block all traffic to our IP address (http://YOUR_IP_ADDRESS) by returning the default 404 Not Found Nginx page.
To disable/block direct access to IP for port 443 we use the following in the corresponding server configuration's block:
if ($host != "example.com") {
return 404;
}
Example:
server {
listen 443 ssl;
server_name example.com
ssl_certificate /etc/nginx/ssl/example.com.crt;
ssl_certificate_key /etc/nginx/ssl/example.com.key;
if ($host != "example.com") {
return 404;
}
}
Alternatively, we can redirect directly the request, on port 80 and/or 443 (https) by using the following approaches:
server {
listen 80;
server_name IP_ADRESS;
return 301 http://YOUR.DOMAIN;
}
server {
listen 443 ssl;
server_name IP_ADRESS;
return 301 https://YOUR.DOMAIN;
}
An alternative mode to disable both port 80 and 443 ports then add below code is the following, in which we will use the HTTP Response 444 : Connection Closed Without Response as response:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name "";
return 444;
}
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
server_name "";
ssl_certificate /etc/nginx/fullchain.crt;
ssl_certificate_key /etc/nginx/privkey.key;
return 444;
}