nginx erroneously reports period character as illegal in request headers
Maxim Dounin
mdounin at mdounin.ru
Tue Mar 20 13:00:30 UTC 2018
Hello!
On Mon, Mar 19, 2018 at 07:05:43PM -0400, mblancett wrote:
> Nginx is reporting invalid incoming headers with RFC-compliant headers that
> use a '.' (meaning, a period) within the name.
Yes. Because, while being RFC-complaint, these headers cause
various problems, some are listed here:
http://mailman.nginx.org/pipermail/nginx/2010-January/018271.html
As such, nginx reports these headers as invalid and ignores them.
Details on which headers are considered valid can be found here:
http://nginx.org/r/ignore_invalid_headers
[...]
> I am aware that I can allow illegal requests, but standards compliance is a
> strict requirement in our enterprise.
No, you can't allow illegal requests. You can, however, switch
off "ignore_invalid_headers", so nginx will accept and use headers
with any characters.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx
mailing list