Hey Maxim, > I still think it's a "no". If needed, allowed characters can be > easily restricted by a configuration.
Just to make a point: $ curl -I nginx.org HTTP/1.1 200 OK Server: nginx/1.7.7 Date: Mon, 12 Jan 2015 23:42:27 GMT Content-Type: text/html; charset=utf-8 Content-Length: 8981 Last-Modified: Tue, 23 Dec 2014 15:38:45 GMT Connection: keep-alive Keep-Alive: timeout=15 ETag: "54998c85-2315" Accept-Ranges: bytes $ curl -I nginx.org -H"Host: /" HTTP/1.1 400 Bad Request Server: nginx/1.7.7 Date: Mon, 12 Jan 2015 23:42:38 GMT Content-Type: text/html Content-Length: 172 Connection: close $ curl -I nginx.org -H"Host: \$" curl: (52) Empty reply from server You cannot possibly tell me that's correct and/or expected behavior? And that's not even a control character. Best regards, Piotr Sikora _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel