Request Method Using Mixed case letters.

Maxim Dounin mdounin at
Tue Jan 12 13:37:22 UTC 2021


On Tue, Jan 12, 2021 at 04:10:03AM -0500, sanjay9999 wrote:

> Hi, 
> I am using mixed case letters in request methods. nginx finalized http
> request to 400 becuase as per the standard Request Method is case sensitive.
> However it shows html response with last line showing "nginx". 
> Our security team says "you should not disclose web server details in the
> response for a request"
> We have implemented solution to hide server name and version.
> However, in this case control does not reach any of out server/location
> block . so that I can override the 400 errror.

Consider reading these tickets:

In particular, consider showing this Wikipedia article to your 
"security team":

If you really want to hide "nginx" regardless of what's written in 
the above links, you can do so using the server_tokens directive 

    server_tokens "";

This only works in the commercial version though.

Maxim Dounin

More information about the nginx mailing list