Home / user-126131

Biggie's questions

Martin Hope
Biggie
Asked: 2015-02-16 05:52:58 +0800 CST
  • 28

I want to restrict the access for some VHosts so that only 127.0.0.1 can access it. I always used something like this to bind the VHost to the localhost and not the external IP:

server {
    listen 127.0.0.1;
    server_name myvhost.local;
    location / {
        ....
    }
}

But I noticed that some tutorials also include explicit allow directives for the localhost and expicitly deny all others:

server {
    listen 127.0.0.1;
    server_name myvhost.local;
    location / {
        allow 127.0.0.1;
        deny all;
        ...
    }
}

Are these allow/deny directives really needed when I already listen only at 127.0.0.1?

nginx
Martin Hope
Biggie
Asked: 2015-02-16 05:32:20 +0800 CST
  • 0

I noticed that many tutorials on the web specify the mydestination variable of postfix like this:

mydestination = localhost, localhost.myhostname, myhostname, mydomain1.com, mydomain2.com

Note: myhostname is the name postfix uses in HELO.
However this would allow an external client to send an email to user@localhost. Of course only if user is a valid username and postfix' restrictions (like reject_non_fqdn_recipient) are not used.

Since I want to accept mails only for mydomain1.com and mydomain2.com I changed the line at my server to:

mydestination = mydomain1.com, mydomain2.com

This works for external mail and even for local mails, where only the receiver-username without domain is used (due to the correct domain mydomain1.com in /etc/mailname).

Now I wonder whether the absence of localhost etc. in mydestination can cause any problems or if my configuration is fine.

postfix