How to hide restricted nginx subdomains?

Question

To hide a restricted location, e.g.

location /secret/ {
 allow 10.0.0.0/24;
 deny all;
}

one could set

error_page 403 =404 /404.html;
error_page 404 /404.html;

to make impossible to distinguish a non-existing location (404) from a restricted one (403).

Is there a way to perform a similar spoof for subdomains?

I want https://admin.example.org/, which normally returns 403 if not visited via VPN, to show the same of https://nonexistingsubdomain.example.org/, e.g. a .html page with a redirect to https://example.org/.

score 0 · Answer 1 · answered Feb 23 '22 at 20:35

Usually the subdomain is a different DNS record and points to a IP address(server). In your case you can create a virtual host which will handle all requests to https://admin.example.com for ex. and setup permissions there.

Take a look at this article: https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-server-blocks-virtual-hosts-on-ubuntu-16-04

How to hide restricted nginx subdomains?

1 Answers1