About Denying All Unintended Domain Requests

When you set a Django website with Nginx, hackers may try to do requests to the server using the IP address or via their domains temporarily pointing to your server's IP address. To avoid Django error reporting about domain not being in ALLOWED_HOSTS and to block their requests completely, add the default_server settings to your Nginx server configuration:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
server {
    listen 443 ssl default_server;
    server_name _;
    return 444;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
}

server {
    listen 80 default_server;
    server_name _;
    return 444;
}

Tips and Tricks Dev Ops Security Logging Django 3.2 Django 2.2 Django 1.11 Django 1.8 nginx Sentry SSL

Also by me

Django Paddle Subscriptions app

For Django-based SaaS projects.

Django App for You
Django GDPR Cookie Consent app

For Django websites that use cookies.

Django App for You
Django 3 Web Development Cookbook - Fourth Edition
Book for You
Django 3 Web Development Cookbook

Learn how to build practical web projects with Django 3.
1st things 1st
SaaS for You
Online prioritizer "1st things 1st"

It's not for everyone, but it might be for you!