block weird requests from nginx level

ahmedkhaleel2004 · ahmedkhaleel2004 · commit bcfa6ec2fdda · 2024-12-24T08:06:25.000-05:00
diff --git a/backend/nginx/api.conf b/backend/nginx/api.conf
@@ -1,6 +1,16 @@
 server {
     server_name api.gitdiagram.com;
 
+    # Block requests with no valid Host header
+    if ($host !~ ^(api.gitdiagram.com)$) {
+        return 444;
+    }
+
+    # Block common malicious request patterns
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+
     location / {
         proxy_pass http://127.0.0.1:8000;  # Forward to FastAPI
         include proxy_params;
@@ -13,8 +23,6 @@ server {
     proxy_read_timeout 300;
     send_timeout 300;
 
-    # todo: stop weird requests from being made
-
     listen 443 ssl; # managed by Certbot
     ssl_certificate /etc/letsencrypt/live/api.gitdiagram.com/fullchain.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/api.gitdiagram.com/privkey.pem; # managed by Certbot
