HttpLimitReqModule delivers "nginx/1.4.3" as a message for HTTP status code 429. Too generic!

Francis Daly francis at
Sun Oct 27 21:44:59 UTC 2013

On Sun, Oct 27, 2013 at 09:45:40PM +0100, Lukas Tribus wrote:

Hi there,

> > What you have shown looks well-formed to me, but doesn't look as useful
> > as you want.

> > What is confusing is that when I do something similar, I get different
> > output which does not look well-formed to me:

> I think nginx is returning the same thing for you both, and that curl
> fails to parse this bogus HTTP response (maybe you are using different
> curl releases).

If curl isn't showing exactly what is being returned, that would be
disappointing. I guess we could test with "nc" or "tcpdump" if necessary.

> >    Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF
> While nginx seems to return:
>   HTTP-Version SP Status-Code CRLF
> as per Francis' output.
> The Reason-Phrase clearly is a hard requirement and cannot be omitted.

It can't be omitted, but it can be zero-length. The SP before it looks
to be the part that shouldn't be omitted.

It looks like a straightforward fix:

diff -pru nginx-1.4.3/src/http/ngx_http_header_filter_module.c nginx-1.4.3-wip/src/http/ngx_http_header_filter_module.c
--- nginx-1.4.3/src/http/ngx_http_header_filter_module.c	2013-10-08 13:07:14.000000000 +0100
+++ nginx-1.4.3/src/http/ngx_http_header_filter_module.c	2013-10-27 21:25:20.693842199 +0000
@@ -448,7 +448,7 @@ ngx_http_header_filter(ngx_http_request_
         b->last = ngx_copy(b->last, status_line->data, status_line->len);
     } else {
-        b->last = ngx_sprintf(b->last, "%03ui", status);
+        b->last = ngx_sprintf(b->last, "%03ui ", status);
     *b->last++ = CR; *b->last++ = LF;

I think that line 270 in the file, which currently says

    len += NGX_INT_T_LEN;

should probably currently say something like

    len += 3; /* sizeof("404") */

and should be changed to say something like

    len += 4; /* sizeof("404 ") */

but since NGX_INT_T_LEN is at least 4 anyway, len is big enough to hold
the extra space without changing that line.

Extra eyes to ensure I've not done something stupid are welcome.

Francis Daly        francis at

More information about the nginx mailing list