Hi
I am trying to configure Nginx to deny HTTP HEAD requests
- By adding the following to configuration file
if ($request_method !~ ^(GET)$) {
return 405;
}
- Explicitly in the module
if (!(r->method & (NGX_HTTP_GET))) {
return NGX_HTTP_NOT_ALLOWED;
}
Nginx returns 405 status code but the response content length is not 0
it’s counting the error page text but when coming to send the response
it
ignores the body because it is HEAD request
HTTP/1.1 405 Not Allowed
Server: nginx
Date: Wed, 29 May 2013 11:35:02 GMT
Content-Type: text/html
Content-Length: 161
Connection: keep-alive
*No-Body
Please Advise
Thanks
Hagai A.
Hello!
On Wed, May 29, 2013 at 02:49:46PM +0300, Hagai A. wrote:
- Explicitly in the module
Server: nginx
Date: Wed, 29 May 2013 11:35:02 GMT
Content-Type: text/html
Content-Length: 161
Connection: keep-alive
*No-Body
And the question is? The behaviour you observe is correct as per
HTTP protocol.
–
Maxim D.
http://nginx.org/en/donation.html
Hi
I thought HEAD should behave as GET only in case of success
after reading the RFC I understand it’s should be the same on any
response
Thanks
On Wed, May 29, 2013 at 3:10 PM, Maxim D. [email protected]
wrote:
if ($request_method !~ ^(GET)$) {
it’s counting the error page text but when coming to send the response it
nginx Info Page
–
Hagai A.
Qwilt | Work: +972-72-2221644| Mobile: +972-54-4895656 |
[email protected][email protected]