id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 2050 unrecognized method is rejected incorrectly usadson@… "Recently I've been working on a HTTP/1.1 conformance tool, and found out that nginx doesn't conform to the RFC 7230 Section 3.1.1. Example request: {{{ CZPzPoF!fYNR / HTTP/1.1 Host: localhost }}} The method may seem illegal, but it actually isn't. A method is defined by the RFC as a token, which is one of more tchars: {{{ tchar = ""!"" / ""#"" / ""$"" / ""%"" / ""&"" / ""'"" / ""*"" / ""+"" / ""-"" / ""."" / ""^"" / ""_"" / ""`"" / ""|"" / ""~"" / DIGIT / ALPHA }}} The server responds with status-code 400 (Bad Request), which it shouldn't. In the cases where it doens't recognize the method a 501 (Not Implemented) is recommended. Lines 152 to 154 of src/http/ngx_http_parse.c are the problem: {{{ if ((ch < 'A' || ch > 'Z') && ch != '_' && ch != '-') { return NGX_HTTP_PARSE_INVALID_METHOD; } }}}" defect closed minor nginx-core 1.19.x wontfix usadson@… Linux hidden 5.4.0-48-generic #52-Ubuntu SMP Thu Sep 10 10:58:49 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux "nginx version: nginx/1.19.3 built by gcc 9.3.0 (Ubuntu 9.3.0-10ubuntu2) configure arguments:"