Your current configuration allows specific domains to reach the app server and you noticed that subdomains not included in the configuration are also reaching the server. You wish to know how to block these subdomains. For example, the server_name in your configuration includes www.domain.com. You wish to block subdomain.domain.com from reaching the app server. This article describes the process to achieve this.
By default, Nginx will route any requests reaching it to either the first server block with a
server_namematching the request host or just the first server block full stop for requests without a matching
This means that any domains pointed to the IP of the instance/environment will reach the application.
In order to prevent this, you will need to add another
serverblock (or blocks in the case of SSL listeners needed too) to the
holos.conffile to reject any domains not specifically listed in the configuration.
These would have the same
server_namecould either be
_for a wildcard or specific domains as required. It would then
returnthe required response instead of sending requests onto the app. You can configure the response to be 404 (not found), 403 (denied), or 444 (no response) as you prefer.
listen 8081 proxy_protocol; # xLB Load Balancer port 8081
listen 8091 proxy_protocol; # HAproxy port 8091
When using the
_ wildcard, this server needs to be the first listed in the configuration. Requests without a matching
server_namedefined in later blocks in the configuration are directed to the first
server, as it is the default one.