starred/nginx-ui
1
0
Fork 0
mirror of https://github.com/0xJacky/nginx-ui.git synced 2026-04-25 16:55:56 +03:00
Code Issues 618 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #389] 二级域名的反向代理可随意访问 #1567

New issue
Closed
opened 2026-02-27 12:11:40 +03:00 by kerem · 3 comments
kerem commented 2026-02-27 12:11:40 +03:00
Owner
Copy link

Originally created by @thansury on GitHub (May 12, 2024).
Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/389

二级域名aa.bb.com经过反代后,可以随意更改前缀aa为任意字符,均可访问服务器。如果在高级设置里,添加上
if ($host != $server_name) {
return 204;
}
则可以避免这个问题。
EN9UIPAXTC0R(66@`BQD$ 7
QQ截图20240512174257

实际上反向代理模板是没有这个代码的,请求开发者下一更新添加此代码!感谢开发者带来的优秀产品,使我省了很多时间。

Originally created by @thansury on GitHub (May 12, 2024). Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/389 二级域名aa.bb.com经过反代后,可以随意更改前缀aa为任意字符,均可访问服务器。如果在高级设置里,添加上 if ($host != $server_name) { return 204; } 则可以避免这个问题。 ![EN9UIPAXTC0R(66@`BQD$ 7](https://github.com/0xJacky/nginx-ui/assets/63008892/5bde8c98-bb6e-42fc-9c80-6cde75fd3236) ![QQ截图20240512174257](https://github.com/0xJacky/nginx-ui/assets/63008892/f11d941d-9c72-4b0a-8cf4-74bf554bc19f) 实际上**反向代理模板**是没有这个代码的,请求开发者下一更新添加此代码!感谢开发者带来的优秀产品,使我省了很多时间。
kerem closed this issue 2026-02-27 12:11:41 +03:00
kerem commented 2026-02-27 12:11:41 +03:00
Author
Owner
Copy link

@0xJacky commented on GitHub (May 12, 2024):

返回 404 好像也可以?

<!-- gh-comment-id:2106203078 --> @0xJacky commented on GitHub (May 12, 2024): 返回 404 好像也可以?
kerem commented 2026-02-27 12:11:41 +03:00
Author
Owner
Copy link

@thansury commented on GitHub (May 12, 2024):

返回 404 好像也可以?

是的,返回204和404都可以,主要是没有上面那个host !=$server_name一行代码。这行判定使我后来加上的。原来的模板上没有。希望下一个版本的模板上能加上这一行代码

<!-- gh-comment-id:2106208192 --> @thansury commented on GitHub (May 12, 2024): > 返回 404 好像也可以? 是的,返回204和404都可以,主要是没有上面那个host !=$server_name一行代码。这行判定使我后来加上的。原来的模板上没有。希望下一个版本的模板上能加上这一行代码
kerem commented 2026-02-27 12:11:41 +03:00
Author
Owner
Copy link

@0xJacky commented on GitHub (May 12, 2024):

我加在 server block 里应该也是可以的吧
github.com/0xJacky/nginx-ui@7ce0c1f951

<!-- gh-comment-id:2106270725 --> @0xJacky commented on GitHub (May 12, 2024): 我加在 server block 里应该也是可以的吧 https://github.com/0xJacky/nginx-ui/commit/7ce0c1f95177cfb67167db9a86e6c92537f48c69
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
weblate
main
renovate/uuid-14.x
renovate/typescript-6.x
renovate/all-minor-patch
cursor/interface-conversion-error-36ec
cursor/docker-api-stat-path-27ca
cursor/nginx-ui-disk-i-o-3d99
cursor/cloudflare-dns-comments-299c
cursor/access-log-dark-mode-font-dfdc
copilot/fix-ai-chat-title-error
cursor/propfind-method-logging-33b5
cursor/docker-client-version-update-d1b4
copilot/fix-nginx-ui-api-errors
cursor/update-x-forwarded-proto-header-handling-1223
cursor/fix-nginx-ui-issue-1455-gpt-5.1-codex-high-079c
cursor/update-nginx-ui-to-vue-3-gpt-5.1-codex-high-3100
cursor/investigate-nginx-ui-issue-1446-gpt-5.1-codex-high-2be0
v1
v2.3.8
v2.3.7
v2.3.6
v2.3.5
v2.3.4
v2.3.3
v2.3.2
v2.3.1
v2.3.0
v2.2.1
v2.2.0-patch.1
v2.2.0
v2.1.17
v2.1.16
v2.1.15
v2.1.14
v2.1.13
v2.1.12
v2.1.11
v2.1.10
v2.1.9
v2.1.8
v2.1.7
v2.1.6
v2.1.5
v2.1.4-patch.1
v2.1.4
v2.1.3
v2.1.2
v2.1.1
v2.1.0-patch.1
v2.1.0
v2.1.0-rc.3
v2.1.0-rc.2
v2.1.0-rc.1
v2.1.0-beta.1
v2.0.2
v2.0.1
v2.0.0
v2.0.0-rc.8-patch.1
v2.0.0-rc.8
v2.0.0-rc.7-patch.6
v2.0.0-rc.7-patch.7
v2.0.0-rc.7-patch.8
v2.0.0-rc.7-patch.5
v2.0.0-rc.7-patch.4
v2.0.0-rc.7-patch.3
v2.0.0-rc.7-patch.2
v2.0.0-rc.7-patch.1
v2.0.0-rc.7
v2.0.0-rc.6-patch.5
v2.0.0-rc.6-patch.4
v2.0.0-rc.6-patch.3
v2.0.0-rc.6-patch.2
v2.0.0-rc.6-patch.1
v2.0.0-rc.6
v2.0.0-rc.5
v2.0.0-rc.4-patch.3
v2.0.0-rc.4-patch.2
v2.0.0-rc.4-patch.1
v2.0.0-rc.4
v2.0.0-rc.3-patch.1
v2.0.0-rc.3
v2.0.0-rc.2
v2.0.0-rc.1-patch.2
v2.0.0-rc.1-patch.1
v2.0.0-rc.1
v2.0.0-beta.42
v2.0.0-beta.41
v2.0.0-beta.40
v2.0.0-beta.39-risefront.6
v2.0.0-beta.39-risefront.5
v2.0.0-beta.39-risefront.4
v2.0.0-beta.39-risefront.3
v2.0.0-beta.39-risefront.2
v2.0.0-beta.39-risefront
v2.0.0-beta.39
v2.0.0-beta.38
v2.0.0-beta.37-patch.5
v2.0.0-beta.37-patch.3
v2.0.0-beta.37-patch.4
v2.0.0-beta.37-patch.2
v2.0.0-beta.37-patch.1
v2.0.0-beta.37
v2.0.0-beta.36
v2.0.0-beta.35
v2.0.0-beta.34
v2.0.0-beta.33
v2.0.0-beta.32-patch.1
v2.0.0-beta.32
v2.0.0-beta.31
v2.0.0-beta.30
v2.0.0-beta.29
v2.0.0-beta.28
v2.0.0-beta.27
v2.0.0-beta.26
v2.0.0-beta.25-patch.2
v2.0.0-beta.25-patch.1
v2.0.0-beta.25
v2.0.0-beta.24
v2.0.0-beta.23-patch.2
v2.0.0-beta.23-patch.1
v2.0.0-beta.23
v2.0.0-beta.22
v2.0.0-beta.21
v2.0.0-beta.20
v2.0.0-beta.19
v2.0.0-beta.18-patch.2
v2.0.0-beta.18-patch.1
v2.0.0-beta.18
v2.0.0-beta.17
v2.0.0-beta.16
v2.0.0-beta.15
v2.0.0-beta.14
v2.0.0-beta.13-patch
v2.0.0-beta.13
v2.0.0-beta.12
v2.0.0-beta.11
v2.0.0-beta.10-patch
v2.0.0-beta.10
v2.0.0-beta.9
v2.0.0-beta.8-patch
v2.0.0-beta.8
v2.0.0-beta.7
v2.0.0-beta.6-patch.2
v2.0.0-beta.6-patch
v2.0.0-beta.6
v2.0.0-beta.5-patch
v2.0.0-beta.5
v2.0.0-beta.4-patch
v2.0.0-beta.4
v2.0.0-beta.3
v2.0.0-beta.2
v2.0.0-beta.1
v1.9.9-4
v1.9.9-3
v1.9.9-2
v1.9.9
v1.9.9-1
v1.8.4-patch
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.7.9
v1.7.8
v1.7.7
v1.7.6
v1.7.5
v1.7.4
v1.7.3
v1.7.2
v1.7.1
v1.7.0-patch
v1.7.0
v1.6.8
v1.6.7
v1.6.6
v1.6.5
v1.6.3
v1.6.2
v1.6.1
v1.6.0-fix
v1.6.0
v1.5.2
v1.5.1
v1.5.0
v1.5.0-beta9
v1.5.0-beta8
v1.5.0-beta7
v1.5.0-beta6
v1.5.0-beta5
v1.5.0-beta4-fix
v1.5.0-beta4
v1.5.0-beta3
v1.5.0-beta2
v1.5.0-beta1
v1.4.2
v1.4.1
v1.4.0
v1.4.0-rc1
v1.3.3-rc1
v1.3.2
v1.3.1-fix
v1.3.1
v1.3.0
v1.3.0-rc1
v1.2.2
v1.2.1
v1.2.0
v1.2.0-rc.3
v1.2.0-rc.2
v1.2.0-rc.1
v1.2.0-alpha.4
v1.2.0-alpha.3
v1.2.0-alpha.2
v1.1.0
Labels
Clear labels   
Q/A

   
bug

   
casdoor

   
dependencies

   
docker

   
documentation

   
duplicate

   
enhancement

   
help wanted

   
invalid

   
lego

   
platform:openwrt

   
platform:windows

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
wontfix
No labels
Q/A
bug
casdoor
dependencies
docker
documentation
duplicate
enhancement
help wanted
invalid
lego
platform:openwrt
platform:windows
pull-request
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-ui#1567
No description provided.