diff --git a/resources/docker/nginx-ui.conf b/resources/docker/nginx-ui.conf
index ec0d062a..4eacd6e7 100644
--- a/resources/docker/nginx-ui.conf
+++ b/resources/docker/nginx-ui.conf
@@ -19,3 +19,20 @@ server {
         proxy_pass http://127.0.0.1:9000/;
     }
 }
+
+# 拒绝空主机头，防止其他域名恶意解析
+# Reject unknown server_name to prevent malicious DNS
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    server_name _;
+    return 500;
+}
+
+server {
+    listen 443 ssl default_server;
+    listen [::]:443 ssl default_server;
+    http2 on;
+    server_name _;
+    ssl_reject_handshake on;
+}