How to prevent Nginx from being maliciously resolved by domain names

WBOY
Release: 2016-07-29 09:09:42

Today I was really unlucky. I found that port 80 of the server could not be accessed through its IP, and I was speechless. It was fine yesterday, and I had not modified the configuration. Other ports were normal, and there was no problem with the firewall. So I asked the computer room and got a maddening reply: our server had a domain name that was not registered, China Telecom had sent notifications about it many times, and then the port on our IP was blocked... closed... Crazy. The key point is that this damn domain name is not even mine.

After some digging, I found that there seems to be a hole in the nginx configuration: any domain name that resolves to the server is served normally. The page is blank, but the HTTP status code is 200.

The main cause was the absence of the following configuration (nginx version 1.8.0):

<code># Catch-all: handles every Host name that no other server block claims
server {
    listen       80  default_server;
    server_name  _;
    return       403;
}</code>

With this block in place, every request for a server_name that is not configured returns a 403 error.

I had never added this configuration to Nginx before, and I had never encountered such a problem. I also tested it on another server: even without this code, such a domain cannot be resolved and requested successfully. I am speechless.

Supplement:

After searching around, I found that for this kind of problem it seems best to use Nginx's own non-standard 444 status code:

<code># Catch-all: close the connection for unknown Host names and keep them out of the access log
server {
    listen       80  default_server;
    server_name  _;
    access_log   off;
    return       444;
}</code>

With 444, Nginx closes the connection without sending a response, so a browser visiting an unconfigured domain reports that the site cannot be accessed.


The same request made with curl also fails (the output is an HTTP error message).
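When no block is marked `default_server`, Nginx hands requests with an unmatched Host header to the first `server` block defined for that listen socket, which is how a stranger's domain can end up being served with a 200. The following audit is an added example, not code from the original article: it assumes a simplified configuration syntax (no braces or semicolons inside quoted strings or regexes, listen values compared as literal text), and the names `audit`, `SITE` and `CATCH_ALL` are hypothetical.

```python
import re

REJECT_CODES = {"403", "444"}  # the two status codes used in this article

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)            # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(body):
    """Server-level directives as token lists; nested blocks (location etc.) are removed."""
    prev = None
    while prev != body:                            # peel innermost blocks until none remain
        prev, body = body, re.sub(r"[^;{}]*\{[^{}]*\}", "", body)
    return [d.split() for d in body.split(";") if d.strip()]

def audit(conf):
    """Return {listen socket: True if the block answering unknown Host names rejects them}."""
    result = {}
    for body in server_blocks(conf):
        ds = directives(body)
        rejects = any(d[0] == "return" and len(d) > 1 and d[1] in REJECT_CODES for d in ds)
        # No listen directive: nginx listens on *:80 when started as root.
        listens = [d[1:] for d in ds if d[0] == "listen"] or [["80"]]
        for sock, *flags in listens:
            # An explicit default_server wins; otherwise the first block for the socket is the default.
            if "default_server" in flags or sock not in result:
                result[sock] = rejects
    return result

# Constructed sample configuration (not taken from the article's server).
SITE = """
server {
    listen 80;
    server_name www.example.com;
    location / { root /var/www/html; }
}
"""
CATCH_ALL = "server { listen 80 default_server; server_name _; access_log off; return 444; }"

if __name__ == "__main__":
    print("site only:     ", audit(SITE))
    print("with catch-all:", audit(SITE + CATCH_ALL))
```

A `False` for a socket means the first real site on that port answers for any domain pointed at the server's IP.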

