Tags: ruby-on-rails, security, nginx, rack, owasp

Is there any way to make a Rails / Rack application tell the web server to drop the connection


There are many security reasons why one would want to drop an HTTP connection with no response (e.g. OWASP's SSL best practices). When these can be detected at the server level then it's no big deal. However, what if you can only detect this condition at the application level?

Does Rails, or more generally Rack, have any standard way of telling the server to drop the connection without a response? If not, are there some standard headers to pass in that will accomplish that in common web servers (I'm thinking Nginx or Apache)? Even if there is not a standard header is there a reasonable way to configure that behavior? Is this a fool's errand?


Solution

  • Nginx has a mechanism for this. When you are returning a special status code 444 (it's non-standard), Nginx silently drops the connection. This happens only when you return this code from the Nginx config, i.e. like

    location = /drop {
      return 444;
    }
    

    and you cannot return this status code from your application. The workaround is to return an X-Accel-Redirect: /drop header from the app to tell Nginx to use the /drop location for this request.
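Below is an added example (not from the answer above) of the application side of that workaround: a Rack middleware that emits X-Accel-Redirect: /drop when an application-level check trips, paired with the Nginx "location = /drop { return 444; }" block from the answer. The check (sensitive paths must arrive over TLS, as reported by X-Forwarded-Proto from the TLS-terminating Nginx), the /account prefix and the run_app helper are assumptions made for illustration; the middleware uses only the plain Rack env hash, so it runs without the rack gem.

```ruby
# Rack middleware that asks Nginx to drop the connection instead of answering.
# Nginx treats X-Accel-Redirect as an internal redirect: it discards this
# response and serves the /drop location, whose "return 444" closes the socket
# without sending anything to the client.
class DropConnection
  DROP_LOCATION = "/drop".freeze  # must match the Nginx location name

  def initialize(app, &condition)
    @app = app
    @condition = condition  # receives the Rack env; true means "drop it"
  end

  def call(env)
    if @condition.call(env)
      # Empty body: Nginx ignores it anyway, so do not spend time rendering.
      return [200, { "X-Accel-Redirect" => DROP_LOCATION, "Content-Length" => "0" }, []]
    end
    @app.call(env)
  end
end

# Constructed policy (an assumption, not part of the answer): requests for
# sensitive paths must have arrived over TLS. Nginx terminates TLS, so the
# scheme comes from X-Forwarded-Proto; only trust it if Nginx sets it itself.
SENSITIVE_PREFIX = "/account".freeze

def plaintext_sensitive_request?(env)
  scheme = env["HTTP_X_FORWARDED_PROTO"] || env["rack.url_scheme"]
  env["PATH_INFO"].to_s.start_with?(SENSITIVE_PREFIX) && scheme != "https"
end

# Stand-in for the Rails application behind the middleware.
INNER_APP = ->(_env) { [200, { "Content-Type" => "text/plain" }, ["ok"]] }
APP = DropConnection.new(INNER_APP) { |env| plaintext_sensitive_request?(env) }

# Minimal constructed Rack env so the stack can be exercised without a server.
def run_app(path, proto)
  env = { "REQUEST_METHOD" => "GET", "PATH_INFO" => path,
          "rack.url_scheme" => "http", "HTTP_X_FORWARDED_PROTO" => proto }
  APP.call(env)
end

if $PROGRAM_NAME == __FILE__
  status, headers, _body = run_app("/account/settings", "http")
  puts "#{status} X-Accel-Redirect=#{headers['X-Accel-Redirect']}"
end
```

In production the X-Accel-Redirect response never reaches the client; only Nginx sees it, so the 200 status is irrelevant.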