gaja-group
/
server-configs-nginx
mirror of https://github.com/h5bp/server-configs-nginx
2
0
Fork 0
Code Issues Releases Wiki Activity

Add an ssl no-default example 

I.e. an example of this:

    -> curl -kI -H "Host: valid.com" https://localhost
    HTTP/1.1 200 OK
    ...
    -> curl -kI -H "Host: invalid.com" https://localhost
    curl: (52) Empty reply from server

Whether this works or not depends on SNI.
This commit is contained in:
Andy Dawson 2016-06-08 09:35:40 +02:00
parent 6be3c46535
commit 7a0e282dd0
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
sites-available/ssl.no-default Normal file
View File

@ -0,0 +1,12 @@
# Drop requests for unknown hosts
#
# If no default server is defined, nginx will use the first found server.
# To prevent host header attacks, or other potential problems when an unknown
# servername is used in a request, it's recommended to drop the request
# returning 444 "no response".
server {
listen 443 ssl default_server;
include h5bp/direcitve-only/ssl.conf
return 444;
}