nginx erroneously reports period character as illegal in request headers

Maxim Dounin mdounin at
Tue Mar 20 13:00:30 UTC 2018


On Mon, Mar 19, 2018 at 07:05:43PM -0400, mblancett wrote:

> Nginx is reporting invalid incoming headers with RFC-compliant headers that
> use a '.' (meaning, a period) within the name. 

Yes.  Because, while being RFC-complaint, these headers cause 
various problems, some are listed here:

As such, nginx reports these headers as invalid and ignores them.  
Details on which headers are considered valid can be found here:


> I am aware that I can allow illegal requests, but standards compliance is a
> strict requirement in our enterprise.

No, you can't allow illegal requests.  You can, however, switch 
off "ignore_invalid_headers", so nginx will accept and use headers 
with any characters.

Maxim Dounin

More information about the nginx mailing list