On Mon, Jan 12, 2015 at 03:45:03PM -0800, Piotr Sikora wrote: > Hey Maxim, > > > I still think it's a "no". If needed, allowed characters can be > > easily restricted by a configuration. > > Just to make a point: > > $ curl -I nginx.org > HTTP/1.1 200 OK > Server: nginx/1.7.7 > Date: Mon, 12 Jan 2015 23:42:27 GMT > Content-Type: text/html; charset=utf-8 > Content-Length: 8981 > Last-Modified: Tue, 23 Dec 2014 15:38:45 GMT > Connection: keep-alive > Keep-Alive: timeout=15 > ETag: "54998c85-2315" > Accept-Ranges: bytes > > $ curl -I nginx.org -H"Host: /" > HTTP/1.1 400 Bad Request > Server: nginx/1.7.7 > Date: Mon, 12 Jan 2015 23:42:38 GMT > Content-Type: text/html > Content-Length: 172 > Connection: close > > $ curl -I nginx.org -H"Host: \$" > curl: (52) Empty reply from server > > You cannot possibly tell me that's correct and/or expected behavior? > And that's not even a control character.
That's because this site is configured to reject unknown server names, like here: http://nginx.org/en/docs/http/server_names.html#miscellaneous_names : In catch-all server examples the strange name “_” can be seen: : : server { : listen 80 default_server; : server_name _; : return 444; : } _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
