About Denying All Unintended Domain Requests

When you set up a Django website behind Nginx, hackers may send requests to the server using its IP address or via their own domains temporarily pointed at your server's IP address. To avoid Django error reports about the domain not being in ALLOWED_HOSTS and to block those requests completely, add default_server blocks to your Nginx server configuration:

server {
    listen 443 ssl default_server;
    server_name _;
    return 444;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
}

server {
    listen 80 default_server;
    server_name _;
    return 444;
}
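To check that every port Nginx listens on is covered by such a catch-all block, the following added example (not part of the original post) scans a configuration and reports the uncovered ports. The sample configuration is constructed: it combines the blocks above with a hypothetical site block, and the function names are illustrative.

```python
import re

# Constructed sample: the catch-all blocks from the page plus a hypothetical site block.
SAMPLE_CONF = """
server {
    listen 443 ssl default_server;
    server_name _;
    return 444;
}
server {
    listen 80 default_server;
    server_name _;
    return 444;
}
server {
    listen 443 ssl;
    listen 8080;  # no catch-all exists for this port
    server_name example.com;
    location / { proxy_pass http://127.0.0.1:8000; }
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block by tracking brace depth."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def ports_without_catch_all(conf):
    """Return listened-on ports lacking a default_server block that contains 'return 444'."""
    conf = re.sub(r"#.*", "", conf)  # strip comments before matching directives
    used, covered = set(), set()
    for body in server_blocks(conf):
        drops = re.search(r"^\s*return\s+444\s*;", body, re.M) is not None
        for args in re.findall(r"^\s*listen\s+([^;]+);", body, re.M):
            parts = args.split()
            tail = parts[0].rsplit(":", 1)[-1]  # handles "443" and "[::]:443"
            if not tail.isdigit():
                continue  # address-only or unix: listeners are out of scope here
            used.add(int(tail))
            if "default_server" in parts and drops:
                covered.add(int(tail))
    return sorted(used - covered)

if __name__ == "__main__":
    print("Ports without a catch-all:", ports_without_catch_all(SAMPLE_CONF))
```

To lint a real configuration, pass the output of `nginx -T` to `ports_without_catch_all`, since that command prints the effective configuration with all included files expanded.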
