Is it possible to block HTTPS using the IP address?

So that you cannot access my website using the IP address with HTTPS port 443.

Thanks in advance!

4 Answers


  1. You can specify only a listen port in the Nginx configuration.
    The application will be exposed only by the Nginx listen port.

  2. Just add listen to 443 and change the server_name with your IP address, so it looks like this:

    server {
        listen 443;
        server_name your_ip_address;
        return 403;
    }
    

    Don’t forget to check the syntax if it is successful or not: sudo nginx -t

    And reload your Nginx server: sudo systemctl reload nginx

  3. Found this thread on my own search for a solution. The site linked below posts a solution to reject any unconfigured SSL requests. It worked well for what I needed.

    https://www.zacharyschneider.ca/2020/03/nginx-block-direct-ip-access/

    Code block included for ease of access, all credit to zacharyschneider.ca for this solution.

    server {
        listen      443 ssl default_server;
        listen [::]:443 ssl default_server;
    
        # Disable logging
        error_log  /dev/null;
        access_log off;
    
        # Snakeoil TLS to appease Nginx
        ssl_certificate     /etc/ssl/certs/ssl-cert-snakeoil.pem;
        ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
        ssl_stapling        off;
        ssl_ciphers         NULL;
    
        # Close the connection without sending a response
        return 444;
    }
    
  4. You can deny all and reject connections for unknown domains, when somebody tries to use IP:80 and IP:443.

    Response for HTTP(80): Connection closed without response.
    Response for HTTPS(443): Reject SSL connection.

    Include this config in /etc/nginx/nginx.conf:

    # /etc/nginx/sites-enabled/default_server.conf
    
    # HTTP:80 = catch-all server block, resulting in a 444 response for unknown domains.
    # HTTPS:443 = catch-all server block, resulting in reject SSL connection for unknown domains.
    
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name "_";
        return 444; # Connection closed without response
    }
    
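    server {
        # "ssl" is required on the listen directive for the TLS handshake to be handled here
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        server_name "_";
        ssl_reject_handshake on; # Reject SSL connection (nginx 1.19.4+)
    }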
    
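A way to audit a configuration for the catch-all that answers 3 and 4 describe, written as an added example that is not from any of the answers above. It uses a simplified parser that does not follow `include` files, and the sample config and `example.test` name are constructed. Only `return 444` and `ssl_reject_handshake on` in the chosen block count as rejecting; when no block is marked `default_server`, nginx hands requests for the bare IP to the first block on that port, which the check reports.

```python
import re

# Constructed sample (not from the page): one real site plus a catch-all block.
SAMPLE = """
server {
    listen 443 ssl;
    server_name example.test;
    location / { return 200 "site"; }
}
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
}
"""

def server_blocks(conf):
    """Yield each server { } block as a list of tokenised server-level directives."""
    conf = re.sub(r"#[^\n]*", "", conf)              # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):               # find the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body, prev = conf[m.end():i - 1], None
        while body != prev:                          # strip nested blocks (location, if)
            prev, body = body, re.sub(r"[^;{}]*\{[^{}]*\}", "", body)
        yield [d.split() for d in body.split(";") if d.strip()]

def catch_all_status(conf, port="443"):
    """Classify what a request for an unknown name or the bare IP reaches on `port`."""
    first = default = None
    for block in server_blocks(conf):
        listens = [d for d in block if d[0] == "listen"
                   and re.search(rf"(^|:){port}$", d[1])]
        if not listens:
            continue
        first = first or block
        if any("default_server" in d for d in listens):
            default = block
    chosen = default or first                        # nginx falls back to the first block
    if chosen is None:
        return "not-listening"
    if any(d[:2] == ["ssl_reject_handshake", "on"] or d[:2] == ["return", "444"]
           for d in chosen):
        return "rejects"
    return "default-does-not-reject" if default else "first-site-answers"

if __name__ == "__main__":
    print(catch_all_status(SAMPLE))
```

Run it against the output of `nginx -T` to cover included files, since that command prints the fully expanded configuration.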