Hello! On Thu, May 22, 2014 at 02:29:23AM -0300, George Fleury wrote:
> Hi all, > > i'm porting apache https mod_cluster to NGINX, however the methods used for > internal control mod_cluster > use the character '-' (ex: ENABLE-APP), and for NGINX these methods are > invalid because of character '- ‘. > Now comes my doubts, gave a quick read in RFCs 2616 and 822 and found nothing > saying that the '-' character > can not be used in token methods of http/1.1. Is that right or there is a > reason? As of now, nginx doesn't allow any characters other than uppercase latin letters and "_" in method names. While this is stricter than what HTTP requires, though covers almost all known valid uses, thus limiting potential attack vectors. See the thread here for previous discussion on this: http://mailman.nginx.org/pipermail/nginx-devel/2013-July/003929.html -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
