Fixed request method must be already supported
Maxim Dounin
mdounin at mdounin.ru
Tue Jan 19 11:19:52 UTC 2016
Hello!
On Tue, Jan 19, 2016 at 12:04:54PM +0800, hyphen wrote:
> # HG changeset patch
> # User goecho <hyphen9 at foxmail.com>
> # Date 1453175856 -28800
> # Tue Jan 19 11:57:36 2016 +0800
> # Node ID 25548a0b15afd46f3177c34a3d6af1dbe830cef0
> # Parent 02abce4764b7c964e7ee6e10b1a7abf1fee95f79
> Fixed request method must be already supported
>
> diff -r 02abce4764b7 -r 25548a0b15af src/http/ngx_http_parse.c
> --- a/src/http/ngx_http_parse.c Tue Jan 12 19:19:07 2016 +0300
> +++ b/src/http/ngx_http_parse.c Tue Jan 19 11:57:36 2016 +0800
> @@ -264,7 +264,10 @@
> }
>
> break;
> - }
> +
> + default :
> + return NGX_HTTP_PARSE_INVALID_METHOD;
> + }
>
> state = sw_spaces_before_uri;
> break;
Current approach is to limit methods for resources served by nginx
itself, but allow unknown request methods to be passed to upstream
servers with proxy_pass. This is known to be required at least by
some well-known software - e.g., various MS tools introduce their
own methods like RPC_IN_DATA, and RESTful APIs sometimes do the
same.
If you want to limit methods allowed, you can do so by
using the "limit_except" and/or "if" directives, see here:
http://nginx.org/r/limit_except
http://nginx.org/r/if
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list