Can subdomains be used with an IP on Nginx for testing, like teste.x.x.x.x?
I did this but it does not work.
server_name teste.x.x.x.x teste2.x.x.x.x ;
Thanks
I would say that is not possible, since an IP address is an entity by itself, and subdomains are a feature of DNS's structure or hierarchy.
However, for testing purposes, you could edit your /etc/hosts file, adding the following:
x.x.x.x teste.yourdomain.com
y.y.y.y teste2.yourdomain.com
and this way, accessing teste.yourdomain.com in your browser, would redirect your requests to x.x.x.x
Related
I have a bit of a problem with my site.
So the setup is ElasticBeanstalk (NGINX) + Cloudflare.
But each day around 4 AM I get a direct IP attack on my server.
Around 300 requests in 1-2 minutes.
The bot tries to access some resources like
GET /phpMyadmi/index.php HTTP/1.1
GET /shaAdmin/index.php HTTP/1.1
POST /htfr.php HTTP/1.1
For now all of them are going to ports 80 or 8080.
And they are successfully handled by the Nginx configuration that redirects them to example:443
server {
    listen 80 default_server;
    listen 8080 default_server;
    server_name _;
    return 301 https://example.com$request_uri;
}
server {
    listen 443 ssl;
    server_name example.com;
    ssl on;
    ...
So my questions are:
1. Have many site owners/DevOps faced the same attack? What is your action to prevent such attacks?
2. For now it is handled very well and does not affect the server's work. Should I worry about it? Or just filter out logs with the /phpmy/ pattern and forget about it?
3. Before these attacks I had requests with the PROPFIND method. Should I block it for security reasons? It is handled by the default server for now.
I know that I can use Cloudflare Argo Tunnel or ELB + WAF, but I don't really want to do that for now.
I have found one solution on Stack Overflow: a whitelist of all Cloudflare IPs. But I think it is not a good one.
Another solution that should work, I guess, is to check the Host header and compare it with 'example.com'.
To answer your specific questions:
1. Every public IP receives unwanted traffic like you describe; sadly it's pretty normal. This isn't really an attack as such, it's just a bot looking for signs of specific weaknesses, or otherwise trying to provoke a response that contains useful data. This data is no doubt later used in actual attacks, but it's basically automated reconnaissance on a potentially massive scale.
2. This kind of script likely isn't trying to do any damage, so as long as your server is well configured and fully patched it's not a big concern. However, these kinds of scans are the first step towards launching an attack, by identifying services and application versions with known vulnerabilities, so it's wise to keep your logs for analysis.
3. You should follow the principle of least privilege. PROPFIND is related to WebDAV; if you don't use it, disable it (or better, white list the verbs you do support and ignore the rest).
If your site is already behind Cloudflare then you really should firewall access to your IP so only Cloudflare's IPs can talk to your server. Those IPs do change, so I would suggest a script to download the latest from https://www.cloudflare.com/ips-v4 and have it periodically update your firewall. There's a slightly vague help article from Cloudflare on the subject here: https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-Cloudflare-s-IP-addresses-in-iptables-
If for whatever reason you can't firewall the IP, your next best option is something like fail2ban (www.fail2ban.org). It's a log parser that can manipulate the firewall to temporarily or permanently block an IP address based on patterns found in your log files.
A final thought: I'd advise against redirecting from your IP to your domain name. You're telling the bot/hackers your URL, which they can then use to bypass the CDN and attack your server directly. Unless you have some reason to allow HTTP/HTTPS traffic to your IP address, return a 4XX (maybe 444, a "Connection Closed Without Response") instead of redirecting when requests hit your IP. You should then create a separate server block to handle your redirects, but only have it respond to genuine named URLs.
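The catch-all and verb allow-list described in the answer above, written out as an added nginx configuration; it is not the answerer's or the asker's own config. example.com is the thread's placeholder domain; the certificate paths, the GET/HEAD/POST allow-list and the use of ssl_reject_handshake (nginx 1.19.4 or later) are assumptions.

```nginx
# Added example, not from the original thread.

# Catch-all: requests sent to the bare IP or with an unknown Host header.
server {
    listen 80 default_server;
    listen 8080 default_server;
    listen 443 ssl default_server;
    server_name _;

    # Abort TLS handshakes for unknown SNI names, so no certificate
    # (and no hostname) is disclosed. Assumes nginx 1.19.4 or later.
    ssl_reject_handshake on;

    # 444 is nginx-specific: close the connection without a response,
    # instead of a 301 that reveals the site's real name.
    return 444;
}

# Redirect plain HTTP only when the client already sent the real hostname.
server {
    listen 80;
    listen 8080;
    server_name example.com;
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /etc/nginx/ssl/example.com.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.com.key;  # placeholder path

    # Allow-list the verbs the site actually uses (assumed set);
    # PROPFIND and other WebDAV methods get 405.
    if ($request_method !~ ^(GET|HEAD|POST)$) {
        return 405;
    }

    # ... site configuration continues here
}
```

Check the result with `nginx -t` before reloading; a request to the server's IP should then be dropped without a response, while `http://example.com/` still redirects to HTTPS.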
Basically, I have a couple of services. I want to forward every request with the prefix "/secured" to server1 port 80 and all other requests to server 2 port 80. The problem is that on server1, I am running a service which accepts the request without the "/secured" prefix. In other words, I want to forward every request such as "http://example.com/secured/api/getUser" to server1 as "http://example.com/api/getUser" (remove /secured from the request's path).
With AWS ALB, currently the request is sent as http://example.com/secured/api/getUser; which forces me to update my server1's code so that the code handles requests with /secured prefix which doesn't look good.
Is there any easy way to solve this with ALB?
Thanks.
I can confirm that this is unfortunately not possible with the ALB alone - and I agree it really should be.
AWS states:
Note that the path pattern is used to route requests but does not
alter them. For example, if a rule has a path pattern of /img/*, the
rule would forward a request for /img/picture.jpg to the specified
target group as a request for /img/picture.jpg.
I had the same issue, and as Mark pointed out, you can use a reverse proxy on your server and do something like this (this is Nginx configuration):
server {
    listen 80 default_server;
    location /secured/ {
        proxy_pass http://localhost:{service_port}/;
    }
}
This will strip the /secured part and proxy everything else to your service. Just be sure to have the trailing / after the service port.
I'm trying to set up my local wamp server online using its online/offline feature.
Every time I head to my IP address, I get redirected to my router's config page instead of wamp homepage.
I tried changing these lines in httpd.config file at C:\wamp\bin\apache\appache2.4.9\conf\
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 0.0.0.0:80
Listen [::0]:80
to
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:8080
Listen 0.0.0.0:8080
Listen [::0]:8080
but my IP (the one that shows at http://whatsmyip.org) still redirects to my router's config page. Even if I write XXX.XXX.XXX.XXX:8080 I get ERR_CONNECTION_TIMED_OUT
EDIT: Adding some info
Router info:
http://www.zyxel.com/products_services/amg1202_t10b.shtml?t=p
Dynamic IP (That's my ISP plan)
Your router is at a lower level. Some type of remote config/help/whatever is turned on in your router. Since it is at a lower level than your Apache server, it will always grab the packets with destination port 80 first.
You need to figure out what "feature" is turned on in your router.
Internet -> Router -> Apache
Your apache is probably just fine.
Regarding your router: since it's not showing what you need, you could factory reset it and make sure you set it up with "advanced view" selected. You should have all your options to set port-forwarding correctly.
https://www.youtube.com/watch?v=QZ0zoZ_pbUM
The easiest way is to give your PC a static IP address and add that address to your router's DMZ but without knowing your router's make/model I cannot give you step by step instructions.
It's basically a port forwarding issue. Check you have forwarded the correct ports on your router.
Most home/office routers will do this.
It's because most do not have a feature called LoopBack either available or turned on.
Without this feature the router has no way of spotting that the IP address you are using in your browser is in fact your router's WAN IP address, so it assumes you are addressing your router's httpd server and launches the router's admin panels. (Yup, there is a web server running in your router.)
With loopback enabled, it would loop you back into your internal network.
I have the following problem and I am struggling to find if a solution exists for it, or what the best practice is here.
I have a site example.com, and multiple servers with different IP addresses around the world. I am seeing the following behaviour in my browser (Chrome). For simplicity, let's say I only have 2 IP addresses for now.
I connect to example.com and data is served from IP address A.B.C.D (server 1). After 40 seconds or so, any subsequent request (GET/POST) to example.com then resolves to W.X.Y.Z (server 2). My issue is that I have a cookie based web session on server 1, and server 2 knows nothing about that session. There is no kind of back-end replication I can do to sync state between both servers.
Is there any way I can force the browser to only connect to a single server once a server has served the first page? I am using RR DNS with multiple A records at the moment. Would switching to CNAME solve this problem?
One solution I was thinking of was having each server reply with a configured domain in the http headers (e.g. server1 would reply with X-HEADER: server1.example.com, server2 would reply with X-HEADER: server2.example.com) and then force the browser to make requests to these. I would then have a single IP address for server1.example.com, and another for server2.example.com. Does this break same-origin policy though? If I am on example.com can I send GET/POST/PUT etc. to server1.example.com?
I'd really appreciate any advice on this - I'm so confused!
I want to recover from an IP address change. My website used to be running fine, but after I allocated an Elastic IP address, it stopped working. I want the website to be running again with the new IP address.
So my question is: What steps must I consider and where should I look at first to recover from IP address change?
I can't access that website with old DNS address or new DNS address. Is this DNS issue?
Notes that might be helpful:
My web server seems to be using nginx, and I tried changing the configuration file with the new DNS, but that doesn't seem to do it.
When I access the new domain name, it redirects to the old domain name.
When I check with curl using curl -I http://localhost:80, it says HTTP/1.1 301 Moved Permanently
Just as an add on. The problem is this configuration change in your nginx file:
server {
    listen 80;
    server_name my.old.domain.com;
    ...
}
Has to be changed to:
server {
    listen 80;
    server_name my.new.domain.com;
    ...
}
So the DNS change can take up to 48 hours to propagate (it usually takes 10-30 minutes from experience, depending on your DNS provider)
When the DNS server wasn't propagated nginx would still redirect you to my.old.domain.com
Hope this helps.
Okay, I think it was just time issue.
After changing web server configuration (nginx), I waited around 28 hours and it suddenly started working again.
Source:
Subdomain IP address changed but client still getting directed to old site