On Wed, Jan 13, 2021 at 2:04 PM sanjay wrote:
>
> Thanks for the update.
> I have already taken care to hide the "nginx".
>
> With CAPITAL letters, my testcase using "POSTSSS" for request_method, works
> fine.However, for mixed-case and small-case , nginx default rule applies and
> control doe
Hello!
On Wed, Jan 13, 2021 at 01:04:26AM -0500, sanjay wrote:
> Thanks for the update.
> I have already taken care to hide the "nginx".
The links I've provided explain why you shouldn't do this. In
particular, because this has nothing to do with security, and
because it is an easy way to
I would like to allow GET / POST / DELETE methods only. otherwise send 501
response. if ($request_method !~* ^(GET|DELETE|POST)$ ) { return 501 '{
"ver": "1.1.2", "txnid": "", "timestamp": "", "errorCode": "NotImplemented",
"errorMsg": "Request Method is not implemented"}'; }
I am using mixed case
Thanks for the update.
I have already taken care to hide the "nginx".
With CAPITAL letters, my testcase using "POSTSSS" for request_method, works
fine.However, for mixed-case and small-case , nginx default rule applies and
control does not reach my server block. hence I end up getting 400 error
wi
Hello!
On Tue, Jan 12, 2021 at 04:10:03AM -0500, sanjay wrote:
> Hi,
> I am using mixed case letters in request methods. nginx finalized http
> request to 400 becuase as per the standard Request Method is case sensitive.
> However it shows html response with last line showing "nginx".
>
>
Example used in testcase
request method = "POSTsss"
I would like to allow GET / POST / DELETE methods only. otherwise send 501
response.
if ($request_method !~* ^(GET|DELETE|POST)$ ) {
return 501 '{ "ver": "1.1.2", "txnid": "", "timestamp": "", "errorCode":
"NotImplemented", "errorMsg": "Reques
Hi,
I am using mixed case letters in request methods. nginx finalized http
request to 400 becuase as per the standard Request Method is case sensitive.
However it shows html response with last line showing "nginx".
Our security team says "you should not disclose web server details in the
respons
