No Response
Production Risk
Low — when used correctly this is a useful security measure. Incorrectly applied, it can silently block legitimate clients.
444 No Response is an nginx-specific status code used internally to instruct nginx to close the connection immediately without sending any response to the client. It is typically used to block malicious or unwanted requests silently.
- 1nginx is configured to silently drop certain requests (e.g., from known bad bots or attackers) using return 444.
- 2A security rule or rate-limiting rule in nginx matched the request and is blocking it with no response.
- 3Legitimate clients will never see this code — it causes the connection to be dropped, appearing as a connection refused or reset to the client.
An automated scanner or bot hits an nginx server configured to block it silently.
# nginx.conf
server {
if ($http_user_agent ~* (masscan|nikto|sqlmap)) {
return 444;
}
}expected output
Connection reset by peer (no HTTP response sent)
Fix
Use 444 to silently block malicious bots
WHEN You want to drop attacker connections without revealing server information.
# nginx.conf — block empty User-Agent (common in scanners)
if ($http_user_agent = "") {
return 444;
}Why this works
Drops the TCP connection immediately, giving attackers no information about the server.
✕ Do not use 444 for legitimate API rejections
Use 400, 401, or 429 so legitimate clients receive a useful error message.
nginx-internal only. The client receives a TCP connection close, not an HTTP response.
Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev