How to deny request from unauthorized domain?


(Ultra Noob) #1

Any XYZ domain that points to my Digital Ocean droplet IP redirects to my forum. This has created a lot of unknown 404 logs and is affecting my link profile.

I am thinking to add a rule like this

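location / {
  # $host is the host name the client asked for; $server_name is only the configured name of this server block
  if ($host !~ "^(forum\.)?example\.com$"){
    return 403;
  }
}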

which means deny requests from unauthorized domains.

Please guide me on how I can add it.

Thanks & Regards,
Gulshan


(Cameron:D) #2

Last time this was brought up, the easiest solution was to enable SSL; that will cause the wrong domains to either redirect to the correct one or show an SSL error:

If that's not an option, you can use a pups template to add that 403 block into the Discourse nginx config.


(Ultra Noob) #3

I am already using Let’s Encrypt. The issue is that whatever XYZ domain points to it simply 301-redirects to my forum.


(Cameron:D) #4

Then adding it to the Discourse nginx config would be the next easiest thing. Using a new pups template would be the best way, to save you needing to re-apply the change every rebuild.

You could try… Make a new file at /var/discourse/templates/web.403.yml, with the following contents:

run:
  - replace:
     filename: "/etc/nginx/conf.d/discourse.conf"
     from: /location / \{/
     to: |
       location / {
         # $host is the requested host name; $server_name is only this server block's configured name
         if ($host !~ "^(forum\.)?example\.com$"){
           return 403;
         }

Then edit /var/discourse/containers/app.yml and at the bottom of the templates section add a new line:

  - "templates/web.403.yml"

And then try and run a ./launcher rebuild app, see how that goes.


(Ultra Noob) #5

Thanks, I will try it at midnight (less traffic time) and update here with what happens.


(Cameron:D) #6

I should add…
If you want to test that config you can use ./launcher enter app to get a terminal up in the container, then edit /etc/nginx/conf.d/discourse.conf there (vi should be installed, or install something more familiar), and you can run service nginx reload to apply the config change.

If that all runs well, then my above post will make the change more permanent (by automatically making the change to the file every rebuild).
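
An added example, not part of the thread and not Discourse's own code: before reloading nginx, the allowlist pattern for the 403 rule (written here as `^(forum\.)?example\.com$`) can be checked offline against host names that resemble the real one. It assumes the rule is evaluated against the lowercased, port-less request host, and that Python's `re` treats this pattern the same way nginx's PCRE does; `normalize`, `is_allowed`, `report` and the sample hosts are hypothetical names and constructed values.

```python
import re

# Allowlist pattern for the thread's 403 rule: anchored, dots escaped.
ALLOWED = re.compile(r"^(forum\.)?example\.com$")

# Look-alike variants that accept hosts an allowlist should reject.
UNANCHORED = re.compile(r"(forum\.)?example\.com")
UNESCAPED = re.compile(r"^(forum.)?example.com$")


def normalize(host_header: str) -> str:
    """Lowercase and drop any :port (assumption: mirrors how nginx builds $host)."""
    host = host_header.strip().lower()
    if host.startswith("["):  # IPv6 literal such as [::1]:443
        return host.split("]")[0] + "]"
    return host.split(":")[0]


def is_allowed(host_header: str, pattern: re.Pattern = ALLOWED) -> bool:
    """True when the request would pass the rule, i.e. not receive a 403."""
    return pattern.search(normalize(host_header)) is not None


# Constructed sample Host header values (not taken from any real log).
SAMPLES = [
    "example.com",
    "forum.example.com",
    "Forum.Example.com:443",
    "xyz-domain.test",
    "example.com.xyz-domain.test",
    "forum.example.com.evil.test",
    "notexample.com",
    "forumxexample.com",
    "203.0.113.10",
]


def report(pattern: re.Pattern = ALLOWED) -> dict:
    """Map each sample host to the status the rule would produce."""
    return {h: (200 if is_allowed(h, pattern) else 403) for h in SAMPLES}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{status}  {host}")
```

Passing `UNANCHORED` or `UNESCAPED` to `report()` shows which look-alike hosts slip through when the anchors or the escaped dots are dropped.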