
Making nginx reject unbound domains after wildcard DNS resolution

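2015-08-06 11:11

Scenario: suppose the first-level domain test.com is wildcard-resolved (* record) at Wanwang (万网) or West Digital (西部数码) to an Alibaba Cloud host at 192.168.1.10. Once the record takes effect, entering a.test.com, b.test.com and so on in a browser reaches the cloud host directly. In practice we only want the second-level domains that are configured in Nginx to be reachable; every other second-level domain, for which no configuration exists, should be rejected to prevent malicious access.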

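Method 1:

Return an HTTP status code

server {
    listen 80 default;
    server_name _;
    return 403;
}

default marks this server as the default host.

403 is the HTTP status code; change it as needed.

This blocks access through every domain (except the ones you have bound yourself) and through the bare IP address.

We can also change return 403; into a redirect, sending unauthorized requests to another address.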

Method 2:

server {
    listen 80 default;
    server_name _;
    rewrite ^(.*) http://www.baidu.com permanent;
}

This switches to a redirect, sending unauthorized requests to another address.



Example: the nginx.conf configuration is shown below.
#######################################################################
#
# This is the main Nginx configuration file.
#
# More information about the configuration options is available on
#   * the English wiki - http://wiki.nginx.org/Main
#   * the Russian documentation - http://sysoev.ru/nginx/
#
#######################################################################

#----------------------------------------------------------------------
# Main Module - directives that cover basic functionality
#
#   http://wiki.nginx.org/NginxHttpMainModule
#
#----------------------------------------------------------------------

user              nginx;
#worker_processes  16;
worker_processes  4;

######add parameter######
worker_rlimit_nofile 65535;
######end add ###########

error_log  /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;

pid        /var/run/nginx.pid;

#----------------------------------------------------------------------
# Events Module
#
#   http://wiki.nginx.org/NginxHttpEventsModule
#
#----------------------------------------------------------------------

events {
    #####add parameter #####
    use epoll;
    worker_connections  65535;
    #####end add ###########
    #worker_connections  1024;
}

#----------------------------------------------------------------------
# HTTP Core Module
#
#   http://wiki.nginx.org/NginxHttpCoreModule
#
#----------------------------------------------------------------------

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    tcp_nopush     on;
    server_names_hash_bucket_size 512;
    #keepalive_timeout  0;
    keepalive_timeout  300;
    tcp_nodelay     on;       ######add file
    fastcgi_connect_timeout 300s;
    fastcgi_send_timeout 300s;
    fastcgi_read_timeout 300s;
    fastcgi_buffer_size 64k;
    fastcgi_buffers   4 32k;
    fastcgi_busy_buffers_size 64k;
    fastcgi_temp_file_write_size 64k;

    #gzip  on;

    # Load config files from the /etc/nginx/conf.d directory
    # The default server is in conf.d/default.conf
    client_header_buffer_size    128k;        #####add file
    large_client_header_buffers  4 128k;      #####add file
    server {
        listen 80 default;
        rewrite ^(.*) http://ifengniu.com permanent;
    }
    include /etc/nginx/conf.d/*.conf;
    include sites-enabled/*;

}

The configuration of the second-level domains themselves is unchanged.
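
The catch-all from the two methods above, written out as an added example that is not part of the original post: it uses the current default_server spelling of the default flag, closes the connection with 444 instead of answering, logs the rejected requests separately, and applies the same rule to port 443, which the port-80 block alone does not cover. The IPv6 listeners, the log file name, the document root and the assumption that this host also serves HTTPS are not from the page.

```nginx
# Added example, not the original author's configuration.
# Place these blocks inside http { }, before the include lines.

# Port 80: any Host header that matches no configured server_name lands here,
# including requests made to the bare IP address.
server {
    listen      80 default_server;        # "default" is the older spelling of this flag
    listen      [::]:80 default_server;   # assumption: the host also listens on IPv6
    server_name _;                        # placeholder that never matches a real name

    # Hypothetical log file; "main" is the log_format defined in the nginx.conf above.
    access_log  /var/log/nginx/unbound.access.log  main;

    return      444;    # nginx-specific code: close the connection, send no response
}

# Port 443 (assumption: the host serves HTTPS). Without a default server here,
# an unbound name is answered by the first HTTPS server block, certificate included.
server {
    listen      443 ssl default_server;
    listen      [::]:443 ssl default_server;
    server_name _;

    # nginx 1.19.4 and later: abort the TLS handshake for names no server block
    # claims, so no certificate is needed in this block.
    ssl_reject_handshake on;
}

# A bound second-level domain keeps its own block, unchanged.
# a.test.com is the sample name used in the scenario.
server {
    listen      80;
    server_name a.test.com;
    root        /var/www/a.test.com;      # hypothetical document root
}
```

After nginx -t and a reload, a request such as curl -H 'Host: x.test.com' http://192.168.1.10/ should end with an empty reply, while a.test.com is served as before.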