如何通过Nginx防止未经授权的域名转发?

时间:2017-06-15 06:14:17

标签: ssl nginx https dns phishing

未经授权的域名unauthdomain.cf正在转发到我们的域名ourdomain.com。我们试图阻止这个未经授权的域通过nginx呈现我们的内容/页面,但http上的解决方案却没有在https上工作。

要在http和https上捕获非授权域,我们尝试了以下内容:

server{ 
listen 80 default_server; 
root /aaa/bbb/www/404; 
index index.html index.htm; 
location / { 
try_files $uri $uri/ =404; 
} 
} 

server{ 
listen 443 default_server; 
root /aaa/bbb/www/404; 
index index.html index.htm; 
location / { 
try_files $uri $uri/ =404; 
} 
}

但我收到了错误

Secure Connection Failed
An error occurred during a connection to ourdomain.com. SSL received a 
record that exceeded the maximum permissible length. Error code: 
SSL_ERROR_RX_RECORD_TOO_LONG

My Domain Non-SSL V-host:

server { 
listen 80; 
server_name ourdomain.com www.ourdomain.com; 
server_tokens off;

My Domain SSL V-host:

server { 
listen 443; 
server_name ourdomain.com; 

ssl on; 
ssl_certificate /myssl_crt_file; 
ssl_certificate_key /myssl_key_file; 

ssl_protocols SSLv2 TLSv1 TLSv1.1 TLSv1.2; 
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256HE-RSA-AES256-GCM-SHA384HE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHAHE-RSA-AES256-SHA; 
ssl_prefer_server_ciphers on;

任何建议都会有很大帮助!

0 个答案:

没有答案
相关问题
最新问题