NGINX: Why limiting request methods is not necessary
If you want to harden nginx you might come across this piece of configuration:
if ($request_method !~ ^(GET|HEAD|POST)$ ) { return 405; }
The idea behind this is that nginx checks for any incoming request, if the request method is either GET
, HEAD
or POST
. If the request method is different, nginx will return HTTP status code 405
("Method is not allowed"). There are other examples which return nginx' non-standard return code 444
("Connection closed without response") instead. Here is why I think you can omit that piece of configuration and save some CPU cycles...