Nginx processing requests without a host header

I would like Nginx to 444 when processing a request without a host header.

I have read http://nginx.org/en/docs/http/request_processing.html and Nginx default host when not defined, where it says:

"If its value does not match any server name, or the request does not contain
this header field at all, then nginx will route the request to the default server 
for this port."

I've configured

server {
  listen 80 default_server;

  # Since version 0.8.48, this is the default setting for the server name, 
  # so the server_name "" can be omitted.
  # server_name "";

  return 444;
}

Then I request

telnet localhost 80<enter>
GET / HTTP/1.1<enter>
<enter>

and receive a 400, not the 444 I expected:

HTTP/1.1 400 Bad Request
Server: nginx/1.2.5
Date: Wed, 28 Nov 2012 21:01:59 GMT
Content-Type: text/html
Content-Length: 172
Connection: close

[body]

The same happens when I

telnet localhost 80<enter>
GET / HTTP/1.1<enter>
Host:<enter>

How can I get Nginx to 444 when no host header is provided? Is this not possible if the the server considers the request a bad request?

Solution 1:

HTTP 1.1 requests must contain a host header. If they don't do so, a server must reply with error 400. See also RFC 2316, section 14.23

Solution 2:

You can still catch the 400 error and return a 444 instead. The following worked for me on requests without a Host header

server {
        listen      80;
        server_name "";
        return      444;
        error_page 400 = @400;
        location @400 {
                return 444;
        }
}

PS you still get a 400 if you don't send a GET /xxx HTTP/1.x, POST /xxx HTTP/1.x, HEAD /xxx HTTP/1.x, or strangely just GET /.

Nginx processing requests without a host header

Solution 1:

Solution 2:

Related

Recent Posts