I would like to allow GET / POST / DELETE methods only. otherwise send 501
response. if ($request_method !~* ^(GET|DELETE|POST)$ ) { return 501 '{
"ver": "1.1.2", "txnid": "", "timestamp": "", "errorCode": "NotImplemented",
"errorMsg": "Request Method is not implemented"}'; }
I am using mixed case
Thanks for the update.
I have already taken care to hide the "nginx".
With CAPITAL letters, my testcase using "POSTSSS" for request_method, works
fine.However, for mixed-case and small-case , nginx default rule applies and
control does not reach my server block. hence I end up getting 400 error
wi
On Wed, Jan 13, 2021, at 02:46, Maxim Dounin wrote:
> The X-Forwarded-For is expected to contain multiple addresses, with
> the last one being from the last proxy. It is up to the reader of
> the header to trust or not particular values from the header.
>
> For example, in the realip module n
Hello!
On Tue, Jan 12, 2021 at 11:14:50PM +0900, nanaya wrote:
> Should there be warning in documentation on usage of
> $proxy_add_x_forwarded_for for X-Forwarded-For proxy header on edge proxies?
>
> I keep seeing config examples with proxy settings like this:
>
> proxy_set_header X-Forwarded
Hello!
On Tue, Jan 12, 2021 at 08:59:44AM -0500, Flinou wrote:
> Hello !
>
> Here is the output of nginx -V :
>
>
> nginx version: nginx/1.19.2
> built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
> built with OpenSSL 1.1.1g 21 Apr 2020
> TLS SNI support enabled
> configure arguments: --pr
Should there be warning in documentation on usage of $proxy_add_x_forwarded_for
for X-Forwarded-For proxy header on edge proxies?
I keep seeing config examples with proxy settings like this:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Which doesn't make sense on edge servers as
Hello !
Here is the output of nginx -V :
nginx version: nginx/1.19.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
built with OpenSSL 1.1.1g 21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/opt/nginx/1.19.2 --with-cc-opt='-I
/logiciels/openssl/1.1.1/include/ -fstack-pr
Hello!
On Tue, Jan 12, 2021 at 04:10:03AM -0500, sanjay wrote:
> Hi,
> I am using mixed case letters in request methods. nginx finalized http
> request to 400 becuase as per the standard Request Method is case sensitive.
> However it shows html response with last line showing "nginx".
>
>
Example used in testcase
request method = "POSTsss"
I would like to allow GET / POST / DELETE methods only. otherwise send 501
response.
if ($request_method !~* ^(GET|DELETE|POST)$ ) {
return 501 '{ "ver": "1.1.2", "txnid": "", "timestamp": "", "errorCode":
"NotImplemented", "errorMsg": "Reques
Hi,
I am using mixed case letters in request methods. nginx finalized http
request to 400 becuase as per the standard Request Method is case sensitive.
However it shows html response with last line showing "nginx".
Our security team says "you should not disclose web server details in the
respons
10 matches
Mail list logo
