Nginx processing requests without a host header
I would like Nginx to 444
when processing a request without a host
header.
I have read http://nginx.org/en/docs/http/request_processing.html and Nginx default host when not defined, where it says:
"If its value does not match any server name, or the request does not contain
this header field at all, then nginx will route the request to the default server
for this port."
I've configured
server {
listen 80 default_server;
# Since version 0.8.48, this is the default setting for the server name,
# so the server_name "" can be omitted.
# server_name "";
return 444;
}
Then I request
telnet localhost 80<enter>
GET / HTTP/1.1<enter>
<enter>
and receive a 400
, not the 444
I expected:
HTTP/1.1 400 Bad Request
Server: nginx/1.2.5
Date: Wed, 28 Nov 2012 21:01:59 GMT
Content-Type: text/html
Content-Length: 172
Connection: close
[body]
The same happens when I
telnet localhost 80<enter>
GET / HTTP/1.1<enter>
Host:<enter>
How can I get Nginx to 444 when no host
header is provided? Is this not possible if the the server considers the request a bad request?
Solution 1:
HTTP 1.1 requests must contain a host header. If they don't do so, a server must reply with error 400. See also RFC 2316, section 14.23
Solution 2:
You can still catch the 400 error and return a 444 instead. The following worked for me on requests without a Host
header
server {
listen 80;
server_name "";
return 444;
error_page 400 = @400;
location @400 {
return 444;
}
}
PS you still get a 400 if you don't send a GET /xxx HTTP/1.x
, POST /xxx HTTP/1.x
, HEAD /xxx HTTP/1.x
, or strangely just GET /
.