Join Log in
Score:0
avatar Server

Return 444 Instead of 400

mt flag
John Deere

If someone makes an http request to an https resource on my nginx server, they get an error 400. "The plain HTTP request was sent to HTTPS port" Is there a way to return 444 instead?

When I search for this error, I can only find people that have had configuration issues they were trying to fix. But in my case, my configuration is fine - I'm trying to minimize impact of illegitimate requests.

Edit: I'm using this to prevent direct IP access to my server. If someone makes an http request, they get response 400 instead of 444. I just want no response.

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    ssl_certificate /etc/nginx/ssl/n.pem;
    ssl_certificate_key /etc/nginx/ssl/n2.pem;
    server_name _;
    return 444;
}
794
1 + 4
vn flag
ceejayoz
This probably needs to be tackled at the application level.
0
Reply
Gerard H. Pille avatar
in flag
Gerard H. Pille
It would be better not to answer at all. Sending http to the https port takes effort, it can hardly be a mistake.
0
Reply
mt flag
John Deere
That's what I'm trying to figure out how to do. How do I just not answer at all, instead of returning error 400?
0
Reply
Michael Hampton avatar
cz flag
Michael Hampton
nginx handles that scenario internally. It is not something you can (or should) control.
0
Reply
Score:0
devitrified avatar Server
cn flag
devitrified

It's possible to have nginx respond with 444 this way:

error_page 497 =444 /444.html;

location = /444.html {
        return 444;
}
0 + 11
Michael Hampton avatar
cz flag
Michael Hampton
Where does the 497 error come from?
0
Reply
devitrified avatar
cn flag
devitrified
497 is the error code for HTTP Request Sent to HTTPS Port (https://en.wikipedia.org/wiki/List_of_HTTP_status_codes)
0
Reply
Michael Hampton avatar
cz flag
Michael Hampton
Interesting. I've never actually seen nginx send that code (and it sends 400 on my production boxes). When was this added and/or how do you enable it?
0
Reply
devitrified avatar
cn flag
devitrified
It's not officially documented, so very little info is available
0
Reply
Michael Hampton avatar
cz flag
Michael Hampton
Have you actually tried it to see if it works?
0
Reply
devitrified avatar
cn flag
devitrified
Of course, that's why i've posted it here. If you use a non-standard port for https you'll get baidu spiders and others hitting it eventually. They get 444 with this solution
0
Reply
Michael Hampton avatar
cz flag
Michael Hampton
OK, so how do you actually get it to work?
0
Reply
devitrified avatar
cn flag
devitrified
Just copy/paste these lines inside your server block and restart nginx
0
Reply
Michael Hampton avatar
cz flag
Michael Hampton
On what version of nginx?
0
Reply
devitrified avatar
cn flag
devitrified
I'm using nginx/1.15.8
0
Reply
Michael Hampton avatar
cz flag
Michael Hampton
That's even stranger, because I just tried it on 1.20.0 and it returns 400, not 497. Maybe this has been removed from the code.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.