Nginx configuration to make open ports look like they're closed

kfeen

10/6/22, 5:00 AM

I have ports 443 and 80 open on my firewall and pointing to my Nginx reverse-proxy server. I have Nginx setup so that if anyone accesses ports 443 or 80 using my IP address Nginx returns a 444 error. I would like to set Nginx up in such a way so that if someone does a port scan of my IP address they won't even see the ports as open. Is this something that's possible? My current config looks like this:

server {
  listen 80;
  listen 443 ssl;
  
  ssl on;
  ssl_certificate /path/to/crt;
  ssl_certificate_key /path/to/crt/key;

  server_name _;
  return 444;
}

I'd like to change this so that nothing gets returned and the client just gets a timeout error with no HTTP headers transferred.

1 + 2

nginx

Marco

10/6/22, 5:43 AM

What is the rule for allowing requests to be made? Auth? IP? URI? Whenever you need something from the client, it's probably going to know a connection is possible.

Gerard H. Pille

10/6/22, 6:49 AM

A firewall can do that, then you won't need nginx anymore. The brits say you can't have your cake and eat it, although they often try.

Score:0

Server

Franco Corbelli

10/6/22, 11:53 AM

"I have ports 443 and 80 open on my firewall and pointing to my Nginx reverse-proxy server. I have Nginx setup so that if anyone accesses ports 443 or 80"

So your firewall is useless: every 80/443 request "travel" through the firewall as if it were not there.

You cannot prevent anyone from seeing that ports are open, unless you program your firewall to allow connections only (for example) from certain source IPs.

In this case you could impose rules like "ONLY if a connection comes from my home IP allow it to get to ports 443 and 80, otherwise block them"

0 + 1

djdomi

10/6/22, 1:11 PM

Don't open the ports for the public? Easy! Change ever `listen 80` to `listen 127.0.0.1:80` also the same for 443 and your issues are gone. The web is secured from You and your Webservice ;) And you don't need to open any firewall ports. Seriously, move your question, to superuser as you seems to me not a business Admin

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Nginx configuration to make open ports look like they're closed

TH: การกำหนดค่า Nginx เพื่อทำให้พอร์ตที่เปิดดูเหมือนปิดอยู่

RO: Configurația Nginx pentru a face porturile deschise să pară închise

RU: Конфигурация Nginx, чтобы открытые порты выглядели так, как будто они закрыты

VI: Cấu hình Nginx để làm cho các cổng mở trông giống như chúng đang đóng

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.