Welcome! Log In Create A New Profile

Advanced

Re: Request Method Using Mixed case letters.

Maxim Dounin
January 12, 2021 08:38AM
Hello!

On Tue, Jan 12, 2021 at 04:10:03AM -0500, sanjay9999 wrote:

> Hi,
> I am using mixed case letters in request methods. nginx finalized http
> request to 400 becuase as per the standard Request Method is case sensitive.
> However it shows html response with last line showing "nginx".
>
> Our security team says "you should not disclose web server details in the
> response for a request"
> We have implemented solution to hide server name and version.
>
> However, in this case control does not reach any of out server/location
> block . so that I can override the 400 errror.

Consider reading these tickets:

https://trac.nginx.org/nginx/ticket/936
https://trac.nginx.org/nginx/ticket/1644

In particular, consider showing this Wikipedia article to your
"security team":

https://en.wikipedia.org/wiki/Security_through_obscurity

If you really want to hide "nginx" regardless of what's written in
the above links, you can do so using the server_tokens directive
(http://nginx.org/r/server_tokens):

server_tokens "";

This only works in the commercial version though.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Request Method Using Mixed case letters.

sanjay9999 January 12, 2021 04:10AM

Re: Request Method Using Mixed case letters.

sanjay9999 January 12, 2021 04:21AM

Re: Request Method Using Mixed case letters.

Maxim Dounin January 12, 2021 08:38AM

Re: Request Method Using Mixed case letters.

sanjay9999 January 13, 2021 01:04AM

Re: Request Method Using Mixed case letters.

sanjay9999 January 13, 2021 01:07AM

Re: Request Method Using Mixed case letters.

Maxim Dounin January 13, 2021 08:28AM

Re: Request Method Using Mixed case letters.

Jeffrey 'jf' Lim January 13, 2021 09:02AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 83
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready