Invalid host header is being accepted by NGINX
Invalid host names are being accepted by GitLab NGINX:
curl -s -o /dev/null -w "%{http_code}\n" https://my-gitlab-fqdn/users/sign_in -H 'Host: invalid.host.com'
In order to prevent this, a new server block returning 404 has to be placed on TOP of the rest of the server block in the generated /var/opt/gitlab/nginx/conf/gitlab-http.conf file, which does not seem to be possible with the way gitlab.rb works as it places all customization at the BOTTOM (nginx['custom_gitlab_server_config'] in gitlab.rb).
server {
    return 404;
}
More at: https://serverfault.com/a/559097
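An added example, not part of the original report and not GitLab's own code, showing why the position of the catch-all block matters: when no server_name matches the Host header, nginx uses the listen marked default_server, otherwise the first server block in file order for that port. The sample blocks, the /hidden location and the function names are constructed for illustration, and the parser is a simplified sketch that ignores comments and quoted braces.

```python
import re

# Constructed sample blocks, not GitLab's generated gitlab-http.conf.
GITLAB = """server {
  listen *:443 ssl;
  server_name my-gitlab-fqdn;
  location = /hidden { return 404; }
}
"""
CATCH_ALL = """server {
  listen *:443 ssl;
  server_name _;
  return 404;
}
"""

def server_blocks(conf):
    """Yield each server block's own directives (nested blocks dropped), in file order."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, own = 1, []
        for ch in conf[m.end():]:
            depth += (ch == "{") - (ch == "}")
            if depth == 0:
                break
            if depth == 1 and ch != "}":
                own.append(ch)
        yield "".join(own)

def handler_for_unknown_host(conf, port):
    """Server-level directives of the block nginx picks when no server_name
    matches on `port`: the listen marked default_server, otherwise the first
    block in file order that listens on that port."""
    first = None
    for directives in server_blocks(conf):
        # No listen directive means nginx's default of *:80 (when run as root).
        listens = re.findall(r"^\s*listen\s+([^;]+);", directives, re.M) or ["*:80"]
        for tokens in (spec.split() for spec in listens):
            # Simplification: assumes the first token ends in an explicit port.
            if int(re.search(r"(\d+)$", tokens[0]).group(1)) != port:
                continue
            if "default_server" in tokens:
                return directives
            first = directives if first is None else first
    return first

def rejects_unknown_host(conf, port):
    """True if the fallback block answers with a server-level `return 4xx;`."""
    block = handler_for_unknown_host(conf, port)
    return bool(block and re.search(r"^\s*return\s+4\d\d\s*;", block, re.M))
```

Run against these samples, a catch-all appended after the GitLab block only takes effect if its listen line carries default_server, and a block with no listen directive, like the one quoted above, only covers port 80.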