Detailed explanation of nginx's default_server definition and matching rules

The default_server directive of nginx can define a default server to handle some requests that do not match the server_name. If it is not explicitly defined, the first defined server will be selected as the default_server.

After understanding the above rules, we can capture unbound domain name access or direct IP access, and redirect them to 403 pages.

1. nginx implicit default server

http {
  # If no default server is explicitly declared, the first server will be implicitly set as the default server
  server {
    listen 80;
    server_name _; # _ is not the point __ It is also OK ___ You can also return 403; # 403 forbidden
  }
  
  server {
    listen 80;
    server_name www.a.com;
    ...
  }
  
  server {
    listen 80;
    server_name www.b.com;
    ...
  }
}

Many people copy and paste and spread the idea that server_name should be set to '_', but it actually has nothing to do with it. '_' is just a request recovery service that has nothing to do with business domain names. If our online businesses are all accessed by clear business domain names, some non-business domain name or IP access caused by wildcard resolution will be recycled by this server.

When the default server is not explicitly defined, nginx will use the first configured server as the default server, that is, when the request does not match any server_name, this server will handle the request. Therefore, when we access directly using the IP address, it will be handed over to the first server defined here for processing, 403 forbidden.

2. Define a default server explicitly

http {
  server {
    listen 80;
    server_name www.a.com;
    ...
  }
  
  server {
    listen 80;
    server_name www.b.com;
    ...
  }
  
  # Display the definition of a default server
  server {
    listen 80 default_server;
    server_name _;
    return 403; # 403 forbidden
  }
  
}

It is recommended to explicitly specify the default server, because when we configure virtual hosts or multiple services, there will be multiple server configuration files. If we use implicit method to select the first loaded server as the default server, we have to always confirm who is loaded first... creating risks...

3. Directly specify server_name as ip (can only prohibit ip access)

http {
  server {
    listen 80;
    server_name www.a.com;
    ...
  }
  
  server {
    listen 80;
    server_name www.b.com;
    ...
  }
  
  # Directly specify ip server_name
  server {
    listen 80;
    server_name xxx.xxx.xxx.xxx;
    return 403; # 403 forbidden
  }
  
}

All three methods above can prohibit direct access by IP, and 1 and 2 can also prohibit access by unbound domain names (for example, if you have resolved the primary domain name).

Note: When nginx batch loads configuration conf, it will load them in ascii order, which will be loaded in the order of server_a.conf server_b.conf server_c.conf. If default_server is not defined, server_a will be used as the default server to handle requests that are not bound to a domain name/IP.

This is the end of this article about the detailed explanation of nginx's default_server definition and matching rules. For more relevant nginx default_server matching rules, please search 123WORDPRESS.COM's previous articles or continue to browse the following related articles. I hope everyone will support 123WORDPRESS.COM in the future!