HttpLimitReqModule delivers "nginx/1.4.3" as a message for HTTP status code 429. Too generic!

Francis Daly francis at daoine.org
Sun Oct 27 21:44:59 UTC 2013 

On Sun, Oct 27, 2013 at 09:45:40PM +0100, Lukas Tribus wrote:

Hi there,

> > What you have shown looks well-formed to me, but doesn't look as useful
> > as you want.

> > What is confusing is that when I do something similar, I get different
> > output which does not look well-formed to me:

> I think nginx is returning the same thing for you both, and that curl
> fails to parse this bogus HTTP response (maybe you are using different
> curl releases).

If curl isn't showing exactly what is being returned, that would be
disappointing. I guess we could test with "nc" or "tcpdump" if necessary.

> >    Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF
> 
> While nginx seems to return:
>   HTTP-Version SP Status-Code CRLF
> 
> as per Francis' output.
> 
> The Reason-Phrase clearly is a hard requirement and cannot be omitted.

It can't be omitted, but it can be zero-length. The SP before it looks
to be the part that shouldn't be omitted.


It looks like a straightforward fix:

diff -pru nginx-1.4.3/src/http/ngx_http_header_filter_module.c nginx-1.4.3-wip/src/http/ngx_http_header_filter_module.c
--- nginx-1.4.3/src/http/ngx_http_header_filter_module.c	2013-10-08 13:07:14.000000000 +0100
+++ nginx-1.4.3/src/http/ngx_http_header_filter_module.c	2013-10-27 21:25:20.693842199 +0000
@@ -448,7 +448,7 @@ ngx_http_header_filter(ngx_http_request_
         b->last = ngx_copy(b->last, status_line->data, status_line->len);
 
     } else {
-        b->last = ngx_sprintf(b->last, "%03ui", status);
+        b->last = ngx_sprintf(b->last, "%03ui ", status);
     }
     *b->last++ = CR; *b->last++ = LF;
 

I think that line 270 in the file, which currently says

    len += NGX_INT_T_LEN;

should probably currently say something like

    len += 3; /* sizeof("404") */

and should be changed to say something like

    len += 4; /* sizeof("404 ") */

but since NGX_INT_T_LEN is at least 4 anyway, len is big enough to hold
the extra space without changing that line.

Extra eyes to ensure I've not done something stupid are welcome.

	f
-- 
Francis Daly        francis at daoine.org

More information about the nginx mailing list