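Scenario: suppose the first-level domain test.com is wildcard-resolved (a * record) at Wanwang (万网) or West Digital (西部数码) to an Alibaba Cloud host at 192.168.1.10. Once the record takes effect, entering a.test.com, b.test.com, ... in a browser reaches the cloud host directly. In practice we only want the second-level domains that are configured in Nginx to be reachable; second-level domains that have no configuration should be rejected, to prevent malicious access.
Method 1:
Return an HTTP status code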
server {
    listen 80 default;
    server_name _;
    return 403;
}
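default marks this block as the default server.
403 is the HTTP status code; change it as needed.
This blocks access through every domain name (other than the ones you have bound yourself) and through the bare IP address.
We can also change return 403; to a redirect, sending unauthorized requests to another address.
Method 2: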
server {
    listen 80 default;
    server_name _;
    rewrite ^(.*) http://www.baidu.com permanent;
}
This switches to a redirect, sending unauthorized requests to another address.
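Why the catch-all block matters, as an added example that is not part of the original post: a simplified Python model of how nginx chooses a server block for a Host header on one listen port. The site names www.test.com and api.test.com and the action strings are assumptions made for illustration; regex server names are not modelled.

```python
# Added example: simplified model of nginx server selection on one listen port.
# Models exact names and leading-wildcard names (*.test.com) only, not regex names.

def select_server(servers, host):
    """Return the server entry nginx would pick for this Host header value."""
    host = host.lower()
    for s in servers:                      # 1. exact server_name match
        if host in s["names"]:
            return s
    best = None                            # 2. longest matching *.suffix name
    for s in servers:
        for name in s["names"]:
            if name.startswith("*.") and host.endswith(name[1:]):
                if best is None or len(name) > best[0]:
                    best = (len(name), s)
    if best:
        return best[1]
    for s in servers:                      # 3. server flagged default on the listen line
        if s.get("default"):
            return s
    return servers[0]                      # 4. otherwise the first server block defined

def handle(servers, host):
    """Return the action of the server block selected for this Host value."""
    return select_server(servers, host)["action"]

# Constructed sample data (hypothetical site names, not from the article).
CONFIGURED = [
    {"names": ["www.test.com"], "action": "serve www"},
    {"names": ["api.test.com"], "action": "serve api"},
]
CATCH_ALL = {"names": ["_"], "default": True, "action": "return 403"}
WILDCARD = {"names": ["*.test.com"], "action": "serve wildcard"}

if __name__ == "__main__":
    cases = [("no catch-all", CONFIGURED),
             ("with catch-all", CONFIGURED + [CATCH_ALL]),
             ("catch-all + *.test.com", CONFIGURED + [CATCH_ALL, WILDCARD])]
    for label, servers in cases:
        for host in ["www.test.com", "a.test.com", "192.168.1.10"]:
            print(f"{label:24} {host:14} -> {handle(servers, host)}")
```

Without a default block, the first server block defined answers for a.test.com and for the bare IP; a server_name of *.test.com still matches unconfigured subdomains before the catch-all is consulted.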
#######################################################################
#
# This is the main Nginx configuration file.
#
# More information about the configuration options is available on
# * the English wiki - http://wiki.nginx.org/Main
# * the Russian documentation - http://sysoev.ru/nginx/
#
#######################################################################
#----------------------------------------------------------------------
# Main Module - directives that cover basic functionality
#
# http://wiki.nginx.org/NginxHttpMainModule
#
#----------------------------------------------------------------------
user nginx;
#worker_processes 16;
worker_processes 4;
######add parameter######
worker_rlimit_nofile 65535;
######end add ###########
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
#----------------------------------------------------------------------
# Events Module
#
# http://wiki.nginx.org/NginxHttpEventsModule
#
#----------------------------------------------------------------------
events {
    #####add parameter #####
    use epoll;
    worker_connections 65535;
    #####end add ###########
    #worker_connections 1024;
}
#----------------------------------------------------------------------
# HTTP Core Module
#
# http://wiki.nginx.org/NginxHttpCoreModule
#
#----------------------------------------------------------------------
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    server_names_hash_bucket_size 512;
    #keepalive_timeout 0;
    keepalive_timeout 300;
    tcp_nodelay on; ######add file
    fastcgi_connect_timeout 300s;
    fastcgi_send_timeout 300s;
    fastcgi_read_timeout 300s;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 32k;
    fastcgi_busy_buffers_size 64k;
    fastcgi_temp_file_write_size 64k;
    #gzip on;
    # Load config files from the /etc/nginx/conf.d directory
    # The default server is in conf.d/default.conf
    client_header_buffer_size 128k; #####add file
    large_client_header_buffers 4 128k; #####add file
    server {
        listen 80 default;
        rewrite ^(.*) http://ifengniu.com permanent;
    }
    include /etc/nginx/conf.d/*.conf;
    include sites-enabled/*;
}
The configuration of the second-level domains is unchanged.