Tout domaine XYZ pointant vers l’adresse IP de mon serveur Digital Ocean est redirigé vers mon forum. Cela a généré de nombreux journaux d’erreurs 404 inconnus et affecte le profil de liens.
Je pense ajouter une règle comme celle-ci :
location / {
if ($server_name !~ "^forum\.)?example\.com$"){
return 403;
}
}
ce qui signifie refuser les requêtes provenant de domaines non autorisés.
Pouvez-vous m’indiquer comment l’ajouter ?
Cordialement,
Gulshan
Last time this was brought up the easiest solution was to enable SSL, that will cause the wrong domains to either redirect to the correct one, or show an SSL error:
If thats not an option you can use a pups template to add that 403 block into the Discourse nginx config.
I am already using Let’s Encrypt. The issue is what XYZ domain point it simply redirect 301 to my forum.
Then adding it to the Discourse nginx config would be the next easiest thing. Using a new pups template would be the best way, to save you needing to re-apply the change every rebuild.
You could try… Make a new file at /var/discourse/templates/web.403.yml, with the following contents:
run:
- replace:
filename: "/etc/nginx/conf.d/discourse.conf"
from: /location / \{/
to: |
location / {
if ($server_name !~ "^forum\.)?example\.com$"){
return 403;
}
Then edit /var/discourse/containers/app.yml and at the bottom of the templates section add a new line:
- "templates/web.403.yml"
And then try and run a ./launcher rebuild app, see how that goes.
Thanks, I will try it in the mid night (less traffic time) and update here what happens.
I should add…
If you want to test that config you can use ./launcher enter app to get a terminal up in the container, then edit /etc/nginx/conf.d/discourse.conf there (vi should be installed, or install something more familiar), and you can run service nginx reload to apply the config change.
If that all runs well, then my above post will make the change more permenant (by automatically making the change to the file every rebuild)