Nginx - How to disable access (http and https) to a website using IP address

While configuring an Nginx web server, there is a need to prevent access to it by IP address and allow access to the website only via its FQDN/hostname. How to do that?

To prevent/block direct access to a website by IP address, the following steps/methods can be followed when using Nginx (in this case).

To disable/block direct access by IP on port 80, create a new server configuration, or add to an existing one as required, as follows:

    server {
        listen 80 default_server;
        server_name _;
        return 404;
    }

Here, _ catches all the domain names pointing to our server’s IP address, and the configuration blocks all traffic to our IP address (http://YOUR_IP_ADDRESS) by returning the default Nginx 404 Not Found page.

To disable/block direct access to IP for port 443 we use the following in the corresponding server configuration's block:

    if ($host != "example.com") {
        return 404;
    }

Example:

    server {
        listen 443 ssl;
        server_name example.com;

        ssl_certificate /etc/nginx/ssl/example.com.crt;
        ssl_certificate_key /etc/nginx/ssl/example.com.key;

        # Reject any request whose Host is not the expected name
        if ($host != "example.com") {
            return 404;
        }
    }

Alternatively, we can redirect the request directly, on port 80 and/or 443 (https), using the following approaches:

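    server {
        listen 80;
        server_name IP_ADDRESS;
        return 301 http://YOUR.DOMAIN;
    }

    server {
        listen 443 ssl;
        server_name IP_ADDRESS;
        # A "listen ... ssl" server also needs ssl_certificate and
        # ssl_certificate_key (set here or inherited from the http block)
        return 301 https://YOUR.DOMAIN;
    }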

An alternative way to disable access on both ports 80 and 443 is the following, in which we use the HTTP response 444 (Connection Closed Without Response):

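    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name "";

        return 444;
    }
    server {
        # default_server added: server_name "" only matches requests with no
        # Host header, so requests by IP reach this block only when it is the
        # default server for the port
        listen 443 http2 ssl default_server;
        listen [::]:443 http2 ssl default_server;

        server_name "";

        ssl_certificate /etc/nginx/fullchain.crt;
        ssl_certificate_key /etc/nginx/privkey.key;

        return 444;
    }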
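
As an added example (not part of the original post), here is a small Python model of how Nginx picks a server block on one listening port, showing which Host values still reach the real site depending on whether the catch-all block is the default server. It simplifies Nginx's matching to exact names plus default_server; the IP 203.0.113.10, the labels and the probe list are constructed for illustration.

```python
"""Simplified model of nginx server-block selection on one listen socket.
Exact server_name matches and default_server only; no wildcard/regex names.
All server blocks and probe values below are constructed samples."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Server:
    label: str
    names: tuple           # server_name values; "" matches a missing Host
    default: bool = False  # "default_server" present on the listen line


def normalize(host):
    """Lower-case the Host header and drop a trailing :port or dot."""
    host = (host or "").strip().lower()
    if not host.startswith("[") and host.count(":") == 1:
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def select_server(servers, host):
    """Exact name match first, then default_server, then the first block."""
    host = normalize(host)
    for srv in servers:
        if host in (n.lower() for n in srv.names):
            return srv
    return next((s for s in servers if s.default), servers[0])


def reaches_site(servers, probes, site_label="site"):
    """Host values that end up in the real site's block, not the catch-all."""
    return [h for h in probes if select_server(servers, h).label == site_label]


SITE = Server("site", ("example.com",))
PROBES = ["203.0.113.10", "203.0.113.10:443", "", "other.test", "example.com"]

# Catch-all listed after the site, without default_server on its listen line.
WEAK = [SITE, Server("catch-all", ("",))]
# Same catch-all, flagged as the default server for the port.
STRICT = [SITE, Server("catch-all", ("",), default=True)]

if __name__ == "__main__":
    print("weak  :", reaches_site(WEAK, PROBES))
    print("strict:", reaches_site(STRICT, PROBES))
```

On a live server the same check can be done by sending requests with different Host headers and comparing which ones get the site's response.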