Prevent default server or wildcard in nginx

nginx

I have two domains: staging.abc.com and www.example.com pointing to the same server IP in my DNS. I don't have a site enabled/available for staging.abc.com, but I have one for www.example.com. However, whenever I access staging.abc.com, it points to www.example.com.

Here are my confs. My /etc/nginx/nginx.conf is default. I didn't change anything.

I don't have a sites-available/default. It's been removed.

# sites-available/example
server {
  listen 80;
  server_name example.com;
  return 301 http://www.example.com$request_uri;
}

server {
  listen 80;
  listen [::]:80;

  root /home/deployer/example;
  index index.php index.html index.htm;

  server_name www.example.com;

  location ~* .(jpg|jpeg|png|gif|ico|css|js|woff)$ {
  expires 30d;
  }

  location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
  }

  error_page 404 /404.html;

  error_page 500 502 503 504 /50x.html;
  location = /50x.html {
    root /usr/share/nginx/html;
  }

  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_read_timeout 300;
  }

  include /home/deployer/example/nginx.conf;
}


# nginx.conf
user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##
        charset utf-8;
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;
        proxy_read_timeout 300;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;
...

I tried inserting this to the http block but to no avail:

server {
    listen      80;
    server_name "";
    return      444;
}

Here's what I want to achieve:

  1. Changes are preferably done on sites-available.
  2. The server should not resolve any connection (returns 444) for all domain names that have not been assigned to any app.

Unless you explicitly define a default server, nginx will use the first server block with a matching port for any request where there is no server_name match. See this document for details.

You should create a catch all server block, for example:

server {
    listen 80 default_server;
    return 444;
}

Related

Blocking tor from my website
Httpd problem, suspect an attack but not sure
Computer can't resolve other computer names
Block Administrators authentication attemps from workstations
Does Azure CDN support stale-while-revalidate caching?
How do I mount the CentOS 7 ISO and add it as a yum repository
Data resiliency in Ceph or Gluster
How to redirect traffic from squid to vpn?
NAT Packet goes out on wrong Gateway
Should both root and wheel users own the files that originally were only owned by root?
What does the closing date mean exactly? [closed]
Using dates, is "between" inclusive of the start and end dates, or is "from" more appropriate? [duplicate]