The Value of Closing Connections on Bad Requests

The value is in avoiding having higher-level application software (php, wordpress, whatever) work with and possibly mishandle malformed requests. Since the nginx layer is evaluating for protocol correctness, and not attempting to actually do anything with the request, it’s providing a pre-filter.

Terminating the connection abruptly doesn’t win you much. It tells the attacker what defensive system you’re using, and the same means would be achieved with a generic 404 response with less usefulness to the attacker. But it’s the sort of dramatic security theater that crops up now and again, and it doesn’t do any real harm to anyone.

Leave a Reply

Your email address will not be published. Required fields are marked *