id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,uname,nginx_version 1971,Invalid 200 (OK) response code to range request,topoden@…,,"**Observed behaviour:** nginx responds with 200 (OK) to 0-10 ranged request for empty file. Relevant part of nginx configuration file: {{{ server { listen localhost:9998 backlog=65536 deferred reuseport; autoindex on; root ~/nginx_tests/files; location / { } } }}} Steps to reproduce: {{{ ~/nginx_tests$ touch files/empty.txt ~/nginx_tests$ curl http://localhost:9998/empty.txt -i -H ""Range: bytes=0-10"" HTTP/1.1 200 OK Server: nginx/1.14.0 Date: Thu, 07 May 2020 08:00:22 GMT Content-Type: text/plain Content-Length: 0 Last-Modified: Thu, 07 May 2020 08:00:07 GMT Connection: keep-alive ETag: ""5eb3c007-0"" Accept-Ranges: bytes }}} **Expected behaviour:** According to https://tools.ietf.org/html/rfc7233#section-2.1, nginx was expected to return 416 (Range Not Satisfiable): {{{ If a valid byte-range-set includes at least one byte-range-spec with a first-byte-pos that is less than the current length of the representation, or at least one suffix-byte-range-spec with a non-zero suffix-length, then the byte-range-set is satisfiable. **Otherwise, the byte-range-set is unsatisfiable.** }}} **Possibly related nginx source code:** Because the code adjusts parsed `end` value with content size here: https://trac.nginx.org/nginx/browser/nginx/src/http/modules/ngx_http_range_filter_module.c#L363 It mistakenly decides that parsed range is invalid and returns `NGX_DECLINED` here: https://trac.nginx.org/nginx/browser/nginx/src/http/modules/ngx_http_range_filter_module.c#L391 The code then handles valid ranged request as invalid here: https://trac.nginx.org/nginx/browser/nginx/src/http/modules/ngx_http_range_filter_module.c#L249 ",defect,closed,minor,,nginx-module,1.19.x,invalid,ranged request,,Linux 4.4.0-70-generic #91~14.04.1-Ubuntu SMP Wed Mar 22 15:48:21 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux,"nginx version: nginx/1.14.0 built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.4) built with OpenSSL 1.0.1f 6 Jan 2014 TLS SNI support enabled "