Some strange host domain names were found in the nginx access log, which were not actually used. After investigation, it was found that the mapping relationship between ip and domain names can be specified in the local hosts file. In this way, you can access an arbitrary domain name to request the corresponding ip address, because nginx will use the default server to handle requests that do not match server_name. You can bypass waf, etc. in this way, or access other servernames in nginx. There will be certain risks, and you need to intercept this method.
For example, specify the IP corresponding to the hosts file
Configuration
Because nginx loads the conf configuration file in the order of ASCII by default, you can create a conf file starting from 00 to ensure that it is the first to load, and specify the default server_name in the file.
To intercept all illegal host requests
Can be usedls -nlLet’s view the ASCII order of nginx conf files.
File configuration
server {
listen 80 default_server;
server_name __;
location / {
deny all;
}
}
server {
listen 443 ssl default_server;
server_name _;
ssl_certificate cert/;
ssl_certificate_key cert/;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
deny all;
}
}This will prohibit illegal requests directly through IP or local binding domain names.
This is the article about nginx intercepting illegal hosts or directly using IP access requests. For more related nginx intercepting illegal hosts, please search for my previous articles or continue browsing the related articles below. I hope everyone will support me in the future!