Is there a security risk for allowing people to set their DNS so their own subdomains can be route to my server?

Posted by DantheMan on Server Fault See other posts from Server Fault or by DantheMan
Published on 2011-06-21T22:28:17Z Indexed on 2011/06/22 0:25 UTC
Read the original article Hit count: 397

Filed under:

nginx

|

django

Lets say that I have a web application, built in Django and deployed with Nginx.

Is it a good idea to offer a service that allows customers to request that a subdomain can be pointed at it.

I figured this:

If I dont allow this, then some companies wont want to access the service from

http://mydjangoappmadeupname.com/bigcorporation/

They would rather access it through

http://service.bigcorporation.com

That would effectively mask that they are using an outside resource.

Is there a significant risk that I am overlooking? Also do you think it would be easier to just set things up in Django to handle it, allowing Nginx to accept all domains and then pushing them to Django which would filter out if they are allowed or not, or would it be better to just update my Nginx log each time a client wanted this changed?

© Server Fault or respective owner

Related posts about nginx

ModSecurity compile error on nginx

as seen on Server Fault - Search for 'Server Fault'
I'm trying to install ModSecurity on nginx with the following instructions : wget https://github.com/SpiderLabs/ModSecurity/archive/master.zip unzip master cd ModSecurity-master ./autogen.sh ./configure --enable-standalone-module And i got the following error : Checking plataform... Identified… >>> More
Cannot Start Nginx Compiled from Source

as seen on Server Fault - Search for 'Server Fault'
I am trying to compile Nginx from source based on the original compiled Nginx server running on my DigitalOcean server ( Ubuntu-14.04 64x ) but with a few extra modules. I can get everything installed smoothly but I can not get it to start. I am sure the ini is correct because I copied the original… >>> More
Nginx http_mp4_module seam installed but dont work

as seen on Server Fault - Search for 'Server Fault'
I try to use the http_mp4_module on my Ubuntu server but that didnt seem to work at all. When i check nginx -V i get : nginx version: nginx/1.1.19 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body… >>> More
GeoIP and Nginx

as seen on Server Fault - Search for 'Server Fault'
I have a nginx with geoip, but it is not working rightly. The issue is the next: Nginx are getting geodata from $_SERVER['REMOTE_ADDR'] instead of $_SERVER['HTTP_X_HAPROXY_IP'], which have the real client ip. So, the reported geodata belongs to my server ip instead of client ip. Does anybody where… >>> More
Nginx1.6.1: Installing from source not running corectly

as seen on Server Fault - Search for 'Server Fault'
I just installed Nginx 1.6.1 from source but it didn't seem to installed correctly. Nginx is running if I service nginx status but when I do nginx -v it outputs command not found. Regular HTML page shows fine and there is no error in the error logs. I am on AWS Ec2 linux AMI. Here is my /etc/init… >>> More

Related posts about django

Overriding the save() method of a model that uses django-mptt

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been using django-mptt in my project for a while now, it's fabulous. Recently, I've found a need to override a model's save() method that uses mptt, and I'm getting an error when I try to save a new instance of that model: Exception Type: ValueError at /admin/scrivener/page/add/ Exception Value:… >>> More
Where is meta.local_fields set in django.db.models.base.py ?

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm getting the error: Exception Value: (1110, "Column 'about' specified twice") As I was reviewing the Django error page, I noticed that the customizations the model User, seem to be appended to the List twice. This seems to be happening here in django/db/model/base.py in base_save(): values… >>> More
Deploying Django on EC2 using Bitnami Djangostack: WSGI script cannot be loadded

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been struggling to deploy Django application on Amazon EC2 using Bitnami Djangostack for the last couple of days. When I go to http://dewey.io I see the default bitnami page (/opt/bitnami/apache2/htdocs/index.html), however, when I open http://dewey.io/portnoy, I get 'Internal Server Error'… >>> More
Internal Server Error with mod_wsgi [django] on windows xp

as seen on Stack Overflow - Search for 'Stack Overflow'
when i run development server it works very well, even an empty project runing in mod_wsgi i have no problem but when i want to put my own project i get an Internal Server Error (500) in my apache conf i put WSGIScriptAlias /codevents C:/django/apache/CODEvents.wsgi <Directory "C:/django/apache"> Order… >>> More
Internal Server Error with mod_wgsi [django] on windows xp

as seen on Stack Overflow - Search for 'Stack Overflow'
when i run development server it works very well, even an empty project runing in mod_wsgi i have no problem but when i want to put my own project i get an Internal Server Error (500) in my apache conf i put WSGIScriptAlias /codevents C:/django/apache/CODEvents.wsgi <Directory "C:/django/apache"> Order… >>> More