Deny access for people using the server's IP Address rather than a valid domain name (Solved)

Hey guys, I’m trying to deny access to one of my servers (my intranet server) when people are using the IP Address to access the server rather than the domain that’s attached to that IP Address. Is there a way in nginx to do such a task? I know you can do stuff like

deny all

And

location / { deny all; }

But I’m looking specifically for something in the realms or concept of

server {
  listen *:80;
  server_name xxx.xxx.xx.xx; # The server's IP Address
  location / { deny all; } # Deny all access to this particular location
}

However this concept breaks nginx and forces nginx to not start.

^ Correction, it actually doesn’t break nginx, but it allows people to still come through using the server’s IP Address.

So the reason why I’m trying to do this is so when someone tries to access my server using the server’s IP address like 111.111.11.11 (dummy IP Address), it forces them to get this browser error.

https://stackoverflow.com/questions/61800208/nginx-allow-via-domain-but-not-via-the-ip ?

1 Like

:slight_smile: Thanks. That portion worked for port 443. I found out I did a silly mistake by putting the default values behind one of my other configuration files which forced anything on port 80 that isn’t the domain to redirect to that specific domain. I had setup my server to import dynamic configurations so I don’t have to manually have to add new configurations into the file. I would just need to create new configuration files based on needs and restart nginx.

1 Like

Nope, I stated in my OP this server is an intranet server meaning only people who are supposed to be authorized to access this server should only be able to access it. Accessing a server through the IP is public, but again since this is an intranet server, it makes no sense to be allowing random people access to this server. Moreover, the proper way to access this particular server I have is by using the VPN I setup for it along with multi-factor authentication.

What are you talking about? I don’t think you understand what an intranet server is. An intranet server is a privately secured server that only authorized users should be accessing. Hence why I had the need to deny access to anyone using the IP address in the URL. The only people who should be authorized to be accessing this server currently is myself. That’s also not the proper way to be accessing the server. The proper way is through the website’s domain name.

There is no “connecting to the IP address is ok” type of nonsense. The problem was already resolved by @m_hutley. Hopefully you know what an intranet server is now.

Sorry to jump in here, but why is your intranet server accessible from a public ip address? That kind of defeats the purpose (and defies the definition) of intranet.

:grin: It shouldn’t be, but there was a defect I had made that allowed folks to access the intranet server through the IP address. So this intranet server is running on a Gitlab instance. Gitlab uses a different kind of nginx installation compared to a default nginx installation. When I was messing with the nginx configurations, I had inadvertently allowed public access to port 80 and port 443 through the IP address. I’m currently using OpenVPN Access Server for the VPN connection.