Block direct access to IP Address in Nginx
Admit it, we've all been there! We spin up a new VPS and find out that the server was previously used by someone else who didn't clean up their mess properly, and now all those internet zombies are trying to find directories on your new server. This may not be a problem for some, but it definitely is an issue for people who keep a strict audit of their access logs to ensure that their services are safe and working as expected. I'm one of those, and I really like to keep my server logs clean while also saving myself from some potential data leak situations.
We deal with such a situation by responding with HTTP 444, a code which means "Connection closed without response". We do this with the nginx default_server parameter, which causes all requests not already being handled by another server block to be handled by a generic server block that catches all such requests and responds with a 444 response.
The best location to put this code in will be /etc/nginx/sites-available/default. You'll have to remove (or edit) any existing blocks that are using the default_server parameter. The above block can also be adapted to block requests for a particular domain or directory. e.g.:
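The two blocks described here, written out as an added example (not the original post's configuration; example.com and the listen ports are placeholders). It goes one step beyond the text by also covering HTTPS, where a direct-IP request would otherwise be answered with another site's certificate; that part assumes nginx 1.19.4 or newer for ssl_reject_handshake.

```nginx
# Added example. example.com and the ports are placeholders.

# Catch-all for plain HTTP: handles any request whose Host header matches
# no other server block, including requests made straight to the IP address.
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # "_" is only a name that never matches a real host; the default_server
    # flag on the listen lines is what makes this block the fallback.
    server_name _;

    # 444 is nginx-specific: close the connection without sending a response.
    return 444;
}

# Catch-all for HTTPS: refuse the TLS handshake for unknown names, so no
# certificate (and no hostname inside it) is shown to direct-IP clients.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    ssl_reject_handshake on;   # assumption: nginx 1.19.4 or newer
}

# Variant: drop requests for one domain and all of its sub-domains.
server {
    listen 80;
    listen [::]:80;

    # Leading dot matches example.com itself plus *.example.com
    server_name .example.com;

    return 444;
}
```

After nginx -t and a reload, a plain curl request to the server's bare IP address should fail with "Empty reply from server", and no response body or headers should come back.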
If you look carefully, we've put a period (.) in front of example.com, giving .example.com. This is an nginx server_name convention which makes it possible for us to take all of the sub-domains of example.com, e.g. sub.example.com or whatever.example.com, into account when blocking requests. We can also serve a 404 response but that's not ideal,
If you've got any questions, feel free to ask on our forum discuss.tekduke.com