Is there a security risk for allowing people to set their DNS so their own subdomains can be route to my server?

Posted by DantheMan on Server Fault See other posts from Server Fault or by DantheMan
Published on 2011-06-21T22:28:17Z Indexed on 2011/06/22 0:25 UTC
Read the original article Hit count: 421

Filed under:
|

Lets say that I have a web application, built in Django and deployed with Nginx.

Is it a good idea to offer a service that allows customers to request that a subdomain can be pointed at it.

I figured this:

If I dont allow this, then some companies wont want to access the service from

http://mydjangoappmadeupname.com/bigcorporation/

They would rather access it through

http://service.bigcorporation.com

That would effectively mask that they are using an outside resource.

Is there a significant risk that I am overlooking? Also do you think it would be easier to just set things up in Django to handle it, allowing Nginx to accept all domains and then pushing them to Django which would filter out if they are allowed or not, or would it be better to just update my Nginx log each time a client wanted this changed?

© Server Fault or respective owner

Related posts about nginx

Related posts about django