starred/nginx-proxy-manager-NginxProxyManager

Fork 0

mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-25 17:35:52 +03:00

[GH-ISSUE #3637] The domain name was maliciously resolved to my server. #2412

New issue

Closed

opened 2026-02-26 07:35:27 +03:00 by kerem · 5 comments

kerem commented

2026-02-26 07:35:27 +03:00

Owner

Originally created by @akitten-cn on GitHub (Mar 19, 2024).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3637

Someone else's domain name was maliciously parsed to my server. He could directly use his domain name: 81 to bypass npm and directly enter the npm login interface.
I want to add a server with mandatory domain name access.

server {
    listen 80 default_server;
    server_name _;
    location / {
        return 404;
    }

 }
server {
    listen 81 default_server;
    server_name _;
    location / {
        return 404;
    }

 }
server {
    listen 443 default_server;
    server_name _;
    location / {
        return 404;
    }

 }

But it doesn't seem to be successful. I don't know how to modify it.

Originally created by @akitten-cn on GitHub (Mar 19, 2024). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3637 Someone else's domain name was maliciously parsed to my server. He could directly use his domain name: 81 to bypass npm and directly enter the npm login interface. I want to add a server with mandatory domain name access. ```shell server { listen 80 default_server; server_name _; location / { return 404; } } server { listen 81 default_server; server_name _; location / { return 404; } } server { listen 443 default_server; server_name _; location / { return 404; } } ``` But it doesn't seem to be successful. I don't know how to modify it.

kerem

2026-02-26 07:35:27 +03:00

closed this issue
added the
stale
label

kerem commented

2026-02-26 07:35:28 +03:00

Author

Owner

@DiederikLascaris commented on GitHub (Mar 20, 2024):

I would disable access to port 81 in the firewall.

If you're behind a router (home lab, server at the office), just do not forward port 81 in your router from outside to your docker server. You'll still be able to access it by going to http:{internal_IP}:81

If t's directly connected to the internet (hosted server, vps) just only enable access in your firewall configuration to port 81 from your own IP address.

@DiederikLascaris commented on GitHub (Mar 20, 2024): I would disable access to port 81 in the firewall. If you're behind a router (home lab, server at the office), just do not forward port 81 in your router from outside to your docker server. You'll still be able to access it by going to http:{internal_IP}:81 If t's directly connected to the internet (hosted server, vps) just only enable access in your firewall configuration to port 81 from your own IP address.

kerem commented

2026-02-26 07:35:28 +03:00

Author

Owner

@wolviex commented on GitHub (Mar 20, 2024):

I'll second that comment. If you've exposed port 81 to the outside, then anyone can access it with a domain that resolves to your IP, or the IP itself with no domain.

Can you clarify what you mean by

server with mandatory domain name access.

@wolviex commented on GitHub (Mar 20, 2024): I'll second that comment. If you've exposed port 81 to the outside, then anyone can access it with a domain that resolves to your IP, or the IP itself with no domain. Can you clarify what you mean by > server with mandatory domain name access. ?

kerem commented

2026-02-26 07:35:28 +03:00

Author

Owner

@w41g87 commented on GitHub (Apr 5, 2024):

What I did is first configuring a proxy host forwarding <management_subdomain>.mydomain to localhost:81 (npm's management port), such that I can visit the management interface by visiting that subdomain. Then I compose down npm, and in the docker compose file I remove the port 81 line

ports:
- 81:81 # comment out this line

Then if someone wants to find your management interface they have to guess the correct subdomain.

@w41g87 commented on GitHub (Apr 5, 2024): What I did is first configuring a proxy host forwarding <management_subdomain>.mydomain to localhost:81 (npm's management port), such that I can visit the management interface by visiting that subdomain. Then I compose down npm, and in the docker compose file I remove the port 81 line ```diff ports: - 81:81 # comment out this line ``` Then if someone wants to find your management interface they have to guess the correct subdomain.

kerem commented

2026-02-26 07:35:28 +03:00

Author

Owner

@github-actions[bot] commented on GitHub (Oct 27, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

@github-actions[bot] commented on GitHub (Oct 27, 2024): Issue is now considered stale. If you want to keep it open, please comment :+1:

kerem commented

2026-02-26 07:35:28 +03:00

Author

Owner

@github-actions[bot] commented on GitHub (Oct 30, 2025):

Issue was closed due to inactivity.

@github-actions[bot] commented on GitHub (Oct 30, 2025): Issue was closed due to inactivity.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#2412

No description provided.

Rows
Columns