Minor "bug" in nginx

Michael Shadle mike503 at gmail.com
Thu Apr 30 00:17:20 MSD 2009


This is not really a 'bug' I think, but it is something that raises a
security flag, we got dinged on it. Now, it does not appear to
actually execute the proxy request, but it should return something
other than HTTP 200.

[mike at lvs01 ~]$ telnet test.foo.org 80
Trying 1.2.3.4...
Connected to test.foo.org.
Escape character is '^]'.
GET http://xmike.com HTTP/1.1
Host: xmike.com

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 29 Apr 2009 20:08:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 27
Last-Modified: Tue, 09 Dec 2008 19:54:37 GMT
Connection: keep-alive
Accept-Ranges: bytes

<html><body></body></html>

^]
telnet> quit


I don't believe nginx should allow for GET http://someforeignhost/
should it? Is there an actual use model for this?

If so, I would create a configuration parameter to allow remote
connections, or something. Returning an HTTP error with something back
such as:

510 Not Extended
503 Service Unavailable
501 Not Implemented
416 Requested Range Not Satisfiable
415 Unsupported Media Type
406 Not Acceptable
405 Method Not Allowed
403 Forbidden
400 Bad Request

Would be what I would suggest...





More information about the nginx mailing list