NGINX, how to block a fake referral?
This is my valid domain name IP address
$ dig telcosol.net +short A
45.79.186.85
This is the fake one with same IP address (by mistake or some other reason??…)
$ dig julietmail.com +short A
45.79.186.85
For some reason that domain name record points to my site IP address.
I want to block any access that referrals julietmail.com.
I get this kind of messages in my log:
190.17.96.110 - - [02/Nov/2017:09:36:33 +0000] "GET /images/banner.jpg HTTP/1.1" 304 0 "
I tried to fix this by adding this line to my default nginx file but it didn't work:
server_name
Any suggestions?
Thanks
5 Replies
The request you posted above shows that your web server is actually replying (http 304 not modified) and not rejecting the request, so that would be your own mistake.
If you are only worried about the referral appearing in your logs, then that is not a real issue but can be avoided with a few regex rules. I use Apache so I'm not sure how to do this in nginx.
Found this link with useful information related to my issue:
I've solved the issue by redirecting the default website to a 404 and enabling my site in the vhost section. Now a 404 is given to that rogue access.
Regards
In the accepted answer, the error code mentioned is 404, which means "not found but may be available in the future" and that is incorrect since the fake domain will never be answered, thus the client needs to know this is a permanent and fatal error, not just a not found error.
I recommend returning error 400 Bad Request, which means that the server will not process the request due to a client error, which is indeed correct when the client supplied SNI host is invalid.