nginx erroneously reports period character as illegal in request headers
mdounin at mdounin.ru
Tue Mar 20 13:00:30 UTC 2018
On Mon, Mar 19, 2018 at 07:05:43PM -0400, mblancett wrote:
> Nginx is reporting invalid incoming headers with RFC-compliant headers that
> use a '.' (meaning, a period) within the name.
Yes. Because, while being RFC-complaint, these headers cause
various problems, some are listed here:
As such, nginx reports these headers as invalid and ignores them.
Details on which headers are considered valid can be found here:
> I am aware that I can allow illegal requests, but standards compliance is a
> strict requirement in our enterprise.
No, you can't allow illegal requests. You can, however, switch
off "ignore_invalid_headers", so nginx will accept and use headers
with any characters.
More information about the nginx