Created
May 28, 2024 18:54
-
-
Save eyzmeng/9e675be8eef278147c55d61703e6e85e to your computer and use it in GitHub Desktop.
nginx configs i use to ban direct http(s) access by ip
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# place this file in somewhere | |
# /etc/nginx/nginx.conf can see | |
# | |
# i personally just called this | |
# /etc/nginx/boot_invalid_host.conf | |
# and added | |
# include boot_invalid_host.conf; | |
# in nginx.conf though... o_o | |
# the setting was 99% based on this: | |
# https://stackoverflow.com/a/45496458 | |
# (i do not guarantee that the 443 block | |
# works though, or if the logs make sense, | |
# or if anything at all makes sense really) | |
# protip: use a more descriptive message | |
# for return, or just don't say anything | |
# at all and make the bots go figure (: | |
server { | |
server_name ""; | |
listen 80; | |
access_log /var/log/nginx/BAD_HOST_http_access.log; | |
error_log /var/log/nginx/BAD_HOST_http_errors.log warn; | |
default_type text/plain; | |
return 444 "Your Host header is acting sus >:(\n"; | |
} | |
server { | |
server_name ""; | |
listen 443 ssl; | |
access_log /var/log/nginx/BAD_HOST_https_access.log; | |
error_log /var/log/nginx/BAD_HOST_https_errors.log warn; | |
ssl_certificate ******.fullchain.cer; | |
ssl_certificate_key ******.key; | |
default_type text/plain; | |
return 444 "Your Host header is acting sus >:(\n"; | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment