Nginx reverse proxy, only allow connection from hostname not ip

Question

Is it possible to allow only users typing in xxxxxx.com (fictive), so they should make a DNS-lookup and connect. And block users who uses my public ip to connect ?

C

Answer 1

The $http_host parameter is set to the value of the Host request header. nginx uses that value to select a server block. If a server block is not found, the default server is used, which is either marked as default_server or is the first server block encountered. See this documentation.

To force nginx to only accept named requests, use a catch all server block to reject anything else, for example:

server {
    listen 80 default_server;
    return 403;
}

server {
    listen 80;
    server_name www.example.com;
    ...
}

With the SSL protocol, it depends on whether or not you have SNI enabled. If you are not using SNI, then all SSL requests pass through the same server block, in which case you will need to use an if directive to test the value of the $http_host value. See this and this for details.