From 4795a1854b17033ab865094724b0f5ca3d3fc81e Mon Sep 17 00:00:00 2001
From: nickdibari
Date: Fri, 20 Nov 2020 22:09:33 -0500
Subject: [PATCH 1/3] Remove conditional for host header check in mtdj nginx config
---
roles/nginx/templates/mtdj/nginx.j2 | 5 -----
1 file changed, 5 deletions(-)
diff --git a/roles/nginx/templates/mtdj/nginx.j2 b/roles/nginx/templates/mtdj/nginx.j2
index 27bb4fa..4d60c4f 100644
--- a/roles/nginx/templates/mtdj/nginx.j2
+++ b/roles/nginx/templates/mtdj/nginx.j2
@@ -7,11 +7,6 @@ server {
 server_name {{ app_hostname }} admin.{{ app_hostname }};
 access_log /var/log/nginx/access.log access;
 
- # Deny invalid Host headers
- if ($host !~* ^({{ app_hostname }}|admin.{{ app_hostname }})$) {
- return 444;
- }
-
 if ($request_method !~ ^(GET|POST|DELETE|HEAD|PATCH)$) {
 return 405;
 }
From 81dca49d79c92f046e3650eb69bd70b208a53746 Mon Sep 17 00:00:00 2001
From: nickdibari
Date: Fri, 20 Nov 2020 22:27:55 -0500
Subject: [PATCH 2/3] Remove conditional for allow request method in nginx config
---
roles/nginx/templates/mtdj/nginx.j2 | 4 ----
1 file changed, 4 deletions(-)
diff --git a/roles/nginx/templates/mtdj/nginx.j2 b/roles/nginx/templates/mtdj/nginx.j2
index 4d60c4f..bb6d6fe 100644
--- a/roles/nginx/templates/mtdj/nginx.j2
+++ b/roles/nginx/templates/mtdj/nginx.j2
@@ -7,10 +7,6 @@ server {
 server_name {{ app_hostname }} admin.{{ app_hostname }};
 access_log /var/log/nginx/access.log access;
 
- if ($request_method !~ ^(GET|POST|DELETE|HEAD|PATCH)$) {
- return 405;
- }
-
 keepalive_timeout 5;
 
 location /static {
From c30e01dbebb9aed2fe9f69d6a6a835fa53e078f3 Mon Sep 17 00:00:00 2001
From: nickdibari
Date: Thu, 17 Jun 2021 21:43:20 -0400
Subject: [PATCH 3/3] Add server block to reject requests without host header
---
roles/nginx/templates/mtdj/nginx.j2 | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/roles/nginx/templates/mtdj/nginx.j2 b/roles/nginx/templates/mtdj/nginx.j2
index bb6d6fe..cc5de03 100644
--- a/roles/nginx/templates/mtdj/nginx.j2
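Review bot: With the `$host` check gone from this block, a request whose Host header matches neither `{{ app_hostname }}` nor `admin.{{ app_hostname }}` is no longer closed with 444 here, and until the catch-all added in patch 3/3 exists nginx hands such requests to the first `listen 443` server on the socket, which is this one, so they reach the app upstream. If the three patches can be deployed separately, patch 3/3 should land first or be squashed into this one so there is no intermediate state without the protection. The commit message should also say that the check is being moved to a default server rather than dropped, since the `return 444` intent is otherwise lost from the history. The enclosing `server {` block starts and ends outside the hunk.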
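Review bot: Removing the `$request_method` guard means PUT, OPTIONS, TRACE and any other verb now reach the upstream on `127.0.0.1:{{ wsgi_server_port }}`, and nothing later in the series restores a limit, so the application must be the component rejecting unsupported methods; the message does not say whether that was confirmed. Presumably the allow list was dropped because it blocked a method the app needs (it had no PUT or OPTIONS), in which case a comment at this spot such as `# Request method filtering is left to the application` would record the decision. Replacing rather than re-adding the `if` is reasonable since `if` in a `server` context is fragile in nginx; if method restriction is wanted later, `limit_except` inside the relevant `location` blocks is the supported mechanism. The enclosing `server {` block starts and ends outside the hunk.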
+++ b/roles/nginx/templates/mtdj/nginx.j2
@@ -2,6 +2,14 @@ upstream app_server {
 server 127.0.0.1:{{ wsgi_server_port }};
 }
 
+server {
+ listen 443 default_server ssl;
+ server_name _ "" default_server;
+ access_log /var/log/nginx/access.log access;
+
+ return 444;
+}
+
 server {
 listen 443 ssl http2;
 server_name {{ app_hostname }} admin.{{ app_hostname }};
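Review bot: `default_server` is not a parameter of `server_name` — it belongs to `listen`, where this block already sets it — so in `server_name _ "" default_server;` it is read as a literal host name; the line should be `server_name _ "";`. The new block listens with `ssl` but defines no certificate, so if `ssl_certificate`/`ssl_certificate_key` are set inside the application's `server {` block rather than at `http` scope (not visible in this hunk) the reload will fail with `no "ssl_certificate" is defined for the "listen ... ssl" directive`; either hoist them to `http` scope or repeat them here. Note that `""` only matches requests carrying no Host header at all, which HTTP/1.0 clients can send, while HTTP/1.1 requests with an unknown Host are caught because this is the `default_server`; together that makes the block equivalent to the `$host` check removed in patch 1/3, which is worth stating in the commit message. Whether a matching catch-all exists for the plain-HTTP listener is outside this hunk.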