I would like to allow GET / POST / DELETE methods only. otherwise send 501 response. if ($request_method !~* ^(GET|DELETE|POST)$ ) { return 501 '{ "ver": "1.1.2", "txnid": "", "timestamp": "", "errorCode": "NotImplemented", "errorMsg": "Request Method is not implemented"}'; }
I am using mixed case letters ( "POSTsss" for request method ) in request methods. nginx finalized http request to 400 because as per the standard Request Method is case sensitive. However it shows HTML response with last line showing "nginx".
Our security team says "you should not disclose web server details in the response for a request" We have implemented solution to hide server name and version.
However, in this case control does not reach any of our server/location block . so that I can override the 400 error.
Please help it out.