Skip to content

Instantly share code, notes, and snippets.

Last active March 18, 2018 08:33
What would you like to do?
prevent web site being mirrored

I thought something before, when I check nginx's log, I found a wired hostname.

After checking, I think out website was mirrored.

I think they parsed their domain by CNAME to our domain, and we don't do any host check at that time.

To prevent being mirrored again, I add host check configuration in nginx.conf

set $flag 0;
if ($host = '') {
    set $flag 1;
if ($host = '') {
    set $flag 1;
if ($flag = 0){
    return 403;

By adding this, nginx will check every request to see if it's from our domain, if not, return 403 response code.

After this, our website was no longer mirrored again.

Nginx Version: 1.9.12

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment