Minor "bug" in nginx

Michael Shadle mike503 at gmail.com
Thu Apr 30 02:57:28 MSD 2009

On Wed, Apr 29, 2009 at 3:01 PM, Maxim Dounin <mdounin at mdounin.ru> wrote:

> It MUST per RFC2616.  There is no difference between
> GET http://example.com/ HTTP/1.1
> Host: ignored
> and
> GET / HTTP/1.1
> Host: example.com
> See RFC2616 for details (5.2 The Resource Identified by a Request).

Okay, I see - so it is serving up HTTP 200 because I have a "catchall"
server_name _ somewhere.

I will explain this to the "security company" that did the audit of
our server, that per RFC, it should accept this kind of request, it is
the -action- that is the issue. Maybe also we just failed because I
issued an HTTP 200 instead of a 404 due to the catchall.

More information about the nginx mailing list