I have a domain example.com that i am trying to set up with caddy as a reverse proxy as well as static file host.
I have set up an a record pointing to the host ip with a wildcard record *
In my caddyfile i have this:
example.com {
root * somefiles
file_server
}
subdomain.example.com {
reverse_proxy 127.0.0.1:someport
}
I disabled ufw for this test
When i access example.com, i get an NXDOMAIN error. Pinging example.com gives me a host not found exception. However, accessing subdomain.example.com works fine and pinging it reveals the underlying ip
Anyone know the cause of this?
Related
I have following nginx configurations
if ($host != mydomain.com) {
return 403;
}
When I hit the url http://127.0.0.1/test/test2/index.php (from POSTMAN) I get 403. Fine. But adding a Host -> mydomain.com in Headers I get 200.
When I added add_header Host "$host"; in nginx configurations I noticed in response that nginx has mydomain.com in its host variable. I know intentionally mentioning Host header in http request overrides 127.0.0.1 according to nginx documentation.
But in this way an attacker can send requests direct to web server by bypassing Cloudflare WAF. so what's the solution to block such requests from nginx?
I have tried following solutions but didn't work for me.
https://www.digitalocean.com/community/questions/how-to-block-access-using-the-server-ip-in-nginx
https://blog.knoldus.com/nginx-disable-direct-access-via-http-and-https-to-a-website-using-ip/
When I hit the url http://127.0.0.1/test/test2/index.php (from POSTMAN) I get 403. Fine. But adding a Host -> mydomain.com in Headers I get 200.
If I understand correctly, you seem to think that "adding a Host" header in your request is somehow a bypass. And it's not ... it's how hostnames work in HTTP.
A server doesn't magically know that you typed http://domain.tld/test/ in your browser address bar. Your browser makes a DNS lookup for domain.tld and establishes a TCP connection with the resolved IP address; it then sends headers, which is where the server gets the information from:
GET /test/ HTTP/1.1
Host: domain.tld
That's the only way the server knows you requested http://domain.tld/test/.
add this block:
server {
listen 80 default_server;
server_name "";
return 444;
}
OR
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 444;
}
The “default_server” parameter cannot be present in any other server block. NGINX Block direct IP access.
I have a somewhat weird problem on my IIS server, running a ASP.NET Core application.
The server runs correctly when there is a binding with an empty host name (wildcard). The localhost and domain name can access it correctly using this method. When putting a localhost binding only, it works on localhost, however, when putting my host name (www.mywebsite.com, mywebsite.com), accessing the website using the domain name results in an error 404.
I tried to configure my hosts file as far as I can:
127.0.0.1 localhost
::1 localhost
127.0.0.1 mywebsite.com
127.0.0.1 www.mywebsite.com
::1 mywebsite.com
::1 www.mywebsite.com
(obviously replace mywebsite.com by the real domain name)
Thanks!
I have a Django website in DigitalOcean, everything works fine expect routing example.com to www.example.com
I normally fix this using CNAME as the following, and all answers I have found also provide this, but it doesn't work in my case:
Hostname Alias Of TTL(Seconds)
www # 43200
This normally works in GoDaddy, but in DigitalOcean the www.example.com takes me to the welcome to Nginx page.
So how can I get the www.#.com to display the website?
To future enquirers, I found a solution.
When using gunicorn and nginx as I have done in DigitalOcean
In /etc/nginx/sites-available/site-name
server {
listen 80;
server_name .example.com;
in server_name add .example.com, with emphasies to the . before example.com
and make your CNAME record as I had described in the question.
There are several questions on SO about nginx subdomain configuration but didn't find one that exactly the same as mine.
Say I got a virtual host some.example.com from higher-level net admin example.com at our organization. I want to use some.example.com as my primary site and use foo.some.example.com and bar.some.example.com for auxiliary usage (proxy, etc). I tried this simple configuration and put it under sites-enabled but didn't work:
server {
listen 80;
server_name some.example.com;
root /home/me/public_html/some;
index index.html index.htm;
}
server {
listen 80;
server_name foo.some.example.com;
root /home/me/public_html/foo;
index index.html index.htm;
}
server {
listen 80;
server_name bar.some.example.com;
root /home/me/public_html/bar;
index index.html index.htm;
}
In this setting some.example.com works fine, but for the other two browser return that could not find foo.some.example.com. I'm running it on a ubuntu server.
Is there something wrong with this configuration? Or is it something I should talk to higher level net admin (make foo.some.example.com and bar.some.example.com to be registered)?
Sub-domain configuration starts with an entry in the DNS server of the parent domain and the lookup resolves the sub-domain to an IP address of the web server. The web server in turn delegates the requests based on its configuration for the sub-domain.
If you don't have a DNS setup in your sub-domain, then the admin at example.com needs to set up a CNAME alias. The alias points the subdomain to the same web server, which hosts the website for the parent domain. The canonical names (CNAMES) are added for each of the subdomains. Once the subdomain is resolved to the IP address of the web server, the web server can route the request to a different website.
CNAME is just a way to get the web traffic to your IP address. The
request will still include the original name in the Host: header.
I'm interested in having my website show up for both of these urls - www.example.com and example.com. DNS works properly and redirects www.example.com to 184.72.232.XXX and shows the website but not example.com. I've tried 2 hostname setups:
www.example.com, canonical=true
*.example.com (unable to set canonical)
Both hostname configurations have the same result.
You'll need to add "example.com" too (and keep "*.example.com"). The wildcard only matches subdomains. If you want the www version to be the canonical hostname, you'll need to add that as well.