I have this catch-all:
```nginx
server {
    listen 80 default_server;
    server_name _;
    return 444;
}
```

Now, let's say we have two IPs called 1.2.3.4 and 1.2.3.5.

Well, let's say 1.2.3.4 is used on example.com and 1.2.3.5 is never used anywhere in the config file. Basically, only the first IP is in use. The other IP is blank/empty/free.
Okay, here is the problem. The server block above is working with 1.2.3.5, because this IP is never used with any server block. It is free. It is assigned to the server. It responds. But it is never used for any website. The `listen 80;` directive only works for 1.2.3.5.

On the other hand, 1.2.3.4 is not working. Nginx does not listen on this IP, because it is used by another server block. I tested it myself. Indeed, Nginx refuses to listen on the IPs that are in use by an nginx server block.

Now, if I change `listen 80;` to `listen 1.2.3.4:80`, then it is working for that IP.

Basically, again, Nginx does not allow me to listen on a used IP address for the default catch-all.

I just want to catch every fake domain that comes to my server and does not belong to me. I want to block users with a fake host. But do I really need to write every IP to listen on?
Is there any workaround? Any help?
EDIT 1: I also tried `listen *:80;`, which has a wildcard. It did not work either.

EDIT 2: If I remove all IPs from the listen directives and leave only ports, it works. But don't we put IP addresses on listen directives? Nginx examples always show only ports on listen. I doubt which one is correct: ip:port or only port.
Demo:
Works:

Anything other than example.com is rejected with a 444 error.

```nginx
server {
    listen 1.2.3.4:80 default_server;
    server_name _;
    return 444;
}

server {
    listen 1.2.3.4:80;
    server_name example.com;
    root /www;
}
```

Does not work:

Still accepts fake hosts other than example.com.

```nginx
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

server {
    listen 1.2.3.4:80;
    server_name example.com;
    root /www;
}
```

Conclusion:
After Nathan's comments I dug into this issue and found this line:
The default_server parameter, if present, will cause the server to become the default server for the specified address:port pair.
Basically, as Nathan said, it will look at the highest IP, and that server block is only available at that level. To accomplish this, you have to specify each IP. So, we have 2 options.
- Use the `listen 80;` directive and parameter, and you can define one default server for port 80
- Use `listen ip:80` and define each address's own default server.
Another great tagline:
In this configuration, nginx first tests the IP address and port of the request against the listen directives of the server blocks. It then tests the “Host” header field of the request against the server_name entries of the server blocks that matched the IP address and port. If the server name is not found, the request will be processed by the default server. For example, a request for www.example.com received on the 192.168.1.1:80 port will be handled by the default server of the 192.168.1.1:80 port, i.e., by the first server, since there is no www.example.com defined for this port.
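The selection order in the quoted documentation, modelled as a short Python function and run against the two demo configurations (an added example, not part of the original post and not nginx's own code). The dict layout, the labels and the `fake.test` host are assumptions made for the illustration, and only exact `server_name` matches are modelled.

```python
# Simplified model of nginx virtual-server selection (exact names only;
# wildcard and regex server_name matching is left out).

def select_server(servers, local_ip, port, host):
    """Return the label of the server block that would handle the request.

    servers: list of dicts in config-file order with keys
             label, ip ("*" for a bare `listen 80;`), port, names, default.
    """
    # Step 1: narrow by listen address. Blocks bound to the exact local
    # IP win; wildcard listeners are consulted only if there are none.
    exact = [s for s in servers if s["port"] == port and s["ip"] == local_ip]
    wild = [s for s in servers if s["port"] == port and s["ip"] == "*"]
    candidates = exact or wild
    if not candidates:
        return None  # nothing listens on this address:port
    # Step 2: match the Host header against server_name in that set only.
    for s in candidates:
        if host in s["names"]:
            return s["label"]
    # Step 3: fall back to the default server of this address:port pair:
    # the block flagged default_server, else the first one defined.
    for s in candidates:
        if s["default"]:
            return s["label"]
    return candidates[0]["label"]


def block(label, ip, names, default=False, port=80):
    # Hypothetical helper: one parsed server block as a plain dict.
    return {"label": label, "ip": ip, "port": port,
            "names": names, "default": default}


# Constructed configs mirroring the two demos in the post.
WORKS = [block("catch-all", "1.2.3.4", ["_"], default=True),
         block("example.com", "1.2.3.4", ["example.com"])]
NOT_WORK = [block("catch-all", "*", ["_"], default=True),
            block("example.com", "1.2.3.4", ["example.com"])]

if __name__ == "__main__":
    for name, cfg in (("works", WORKS), ("not work", NOT_WORK)):
        for ip in ("1.2.3.4", "1.2.3.5"):
            print(name, ip, "->", select_server(cfg, ip, 80, "fake.test"))
```

In the second configuration an unknown host arriving on 1.2.3.4 lands on the `example.com` block, because that block is the only one, and therefore the implicit default, for the 1.2.3.4:80 pair; the port-only catch-all is reached only on 1.2.3.5.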