Develop Reference

problem with telnet HTTP/1.1 400 Bad Request

I was trying to do this:
Telnet into a Web server and send a multiline request message. Include in the request message the If-modified-since: header line to force a response message with the 304 Not Modified status code.
so I did steps below
telnet example.com 80
and then
GET /index.html HTTP/1.1
Host: example.com
and two enter.
and I got some information.
I added
If-modified-since: Thu, 17 Oct 2019 06:18:26 GMT
but still no 304 not modified.
this is what I get after GEt and Host
and
HTTP/1.0 501 Not Implemented
Content-Type: text/html
Content-Length: 357
Connection: close
Date: Fri, 30 Apr 2021 16:10:33 GMT
Server: ECSF (dcb/7F80)

HTTP/1.1 needs the Host header.
Your request should be:
GET /index.html HTTP/1.1
Host: hostname.tld
Edit
So if you are connecting to example.com:
GET /index.html HTTP/1.1
Host: example.com

How to ignore a http header line with missing colon separator in golang

I am facing a problem in golang http server where client is sending a http request with invalid parameters in header. The request parameters are as follows:
GET /a-53-qf21489190x38856_2/yy HTTP/1.1
Host: xxx.xxx.xxx.xxx:80
User-Agent: mot-w845
Connection: Keep-Alive
Profile: http://10.213.2.68
X-MDN9035445271
accept: application/vnd.wap.mms-message
accept-language: en
accept-charset: US-ASCII, ISO-8859-1, UTF-8
HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Here X-MDN9035445271 doesn't contain colon (:) separator, because of this server is returning bad request. Is there any way to ignore such kind of header and process the request normally.

How can I create the 405 error

I need to test 405 error page, but I have no idea how to create the 405 error.
Is there a way to reproduce 405 error on my site?

HTTP response status code 405 means Method Not Allowed. This status code states that HTTP method was received and recognized by the server, but the server has rejected that particular method for the requested resource.
The easiest way to stimulate the response code 405 is to either
Try to access a non-existing resource/URL
Try to access an existing resource without the proper permission.
Try the following example with an HTTP tool like Postman
The following HTTP request tries to use PUT method on /api/values/ without the right permission
PUT /api/values/1 HTTP/1.1
Content-type: application/json
Host: localhost
Accept: */*
Content-Length: 12
"Some Value"
HTTP Response states code 405
HTTP/1.1 405 Method Not Allowed
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Wed, 15 May 2013 02:38:57 GMT
Content-Length: 72
{"Message":"The requested resource does not support http method 'PUT'."}

Ignore or modify request headers in NGINX

I need to make NGINX ignore / modify a request header.
Problem is some IoT devices are sending a HEAD request with the wrong Content-Length header. That makes NGINX wait for more content and then timeout.
Both dropping the Content-Length header or setting it to 0 should do the trick.
Example
This fails
HEAD / HTTP/1.1
Host: MY_HOST
Content-Length: 59
Content-Type: text/html
Connection: close
This works (Content-Length: 0)
HEAD / HTTP/1.1
Host: MY_HOST
Content-Length: 0
Content-Type: text/html
Connection: close
This works too (no Content-Length)
HEAD / HTTP/1.1
Host: MY_HOST
Content-Type: text/html
Connection: close
How can I make it happen?

I discovered that there's a NGINX module named HeadersMore that allow modifying input headers (and more).
In particular more_clear_input_headers allows to remove input headers and more_set_input_headers allows to modify input headers.
In my case
more_clear_input_headers "Content-Length";
or
more_set_input_headers "Content-Length: 0";

Cors Blocks Request with status 403 on Nginx

I am facing a strange issue with running CORS on Nginx, CORS is working fine for everything but one scenario when the Server responds with a 403 http response.
Basically when I login with correct credentials the cors request works fine , however when I provide wrong credentials for login the server(backend) responds with a 403 status and I get the following error
"NetworkError: 403 Forbidden - http://mydomain.com/v1/login"
login
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://mydomain.com/v1/login. This can be fixed by moving the resource to the same domain or enabling CORS.
If the credentials are correct I don't get this error and everything works perfectly.
I have done the configuration for enabling CORS and it seems to be working fine for everything else.
Following are the Request Headers
Request Headers
User-Agent:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0
Referer:http://abc.mydomain.com/
Pragma: no-cache
Origin: http://abc.mydomain.com
Host: www.mydomain.com
Content-Type: application/json;charset=utf-8
Content-Length: 74
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Accept: application/json, text/plain, /
Response Headers
Server: nginx/1.4.1
Date: Tue, 10 Jun 2014 05:28:30 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 76
Connection: keep-alive

An option for nginx(>=1.75) is to specify always parameter in add_header :
If the always parameter is specified (1.7.5), the header field will be
added regardless of the response code.

I assume that you are using add_header directive to add CORS headers in the nginx configuration.
Nginx modules reference states about add_header:
Adds the specified field to a response header provided that the response code equals 200, 201, 204, 206, 301, 302, 303, 304, or 307.
To fix problem you could use ngx_headers_more module to set CORS headers also to error responses.
more_set_headers 'Access-Control-Allow-Origin: $http_origin';
more_set_headers 'Access-Control-Allow-Headers: Content-Type, Origin, Accept, Cookie';