GET differs between nginx and Apache

Toni Mueller support-nginx at oeko.net
Mon Jun 21 01:06:43 MSD 2010


Hi,

I just saw this:

$ telnet www.example.com 80
Trying 193.221.127.145...
Connected to www.example.com.
Escape character is '^]'.
GET http://allrequestsallowed.com/?PHPSESSID=5gh6ncjh00043P%5BPHTT%40YCFEJGV%5B HTTP/1.1
Host: www.example.com

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.65
Date: Sun, 20 Jun 2010 21:00:50 GMT
Content-Type: text/html
Content-Length: 161
Connection: keep-alive
Location:
http://www.example.com:80/?PHPSESSID=5gh6ncjh00043P%5BPHTT%40YCFEJGV%5B

<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx/0.7.65</center>
</body>
</html>


On Apache, I get a 200 and the index.html in the DocumentRoot.

I'd much prefer to throw a 40x at these (ab-)users, than having them
"jump" onto my servers, but couldn't yet achieve this, using the
following rule:

location ^~ [^/] {
	return 400;
}



Kind regards,
--Toni++




More information about the nginx mailing list