Thursday, July 18, 2013

Avoiding fake server requests in nginx

I have been having requests to my server with HTTP_HOST header or which are not related to me. They were causing error mails sent to me by my Django site since these domains were not listed in my ALLOWED_HOSTS list. I was tired of having error messages every day so after some research  I found the solution.

I told my nginx server to listen only my own domains but it was listening to other domains as well. I added the following block to the top of my config file

server {
        return 404;

before the original server settings:

server {
       listen 80;

This way any domain that is not in my list gets 404 by default. Hope it helps!

No comments: