
I have an Nginx HTTP server with HTTP TRACE enabled.

A single nmap --script=http-methods.nse host.name gives this result:

Not shown: 988 closed ports 
PORT     STATE    SERVICE   VERSION 
[...] 
80/tcp   open     http                   nginx 
  | http-methods: GET HEAD POST OPTIONS TRACE
  | Potentially risky methods: TRACE
  |_See http://nmap.org/nsedoc/scripts/http-methods.html
[...]
443/tcp  open     ssl/http   Apache httpd 2.2.15 ((CentOS))
[...] 
Service Info: OS: Unix

And the Telnet result:

telnet host.name 80
Trying host.name...
Connected to host.name.
Escape character is '^]'.
OPTIONS / HTTP/1.1
Host: foo

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 26 Sep 2012 03:23:23 GMT
Content-Type: httpd/unix-directory
Connection: keep-alive
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 0


telnet host.name 80
Trying host.name...
Connected to host.name.
Escape character is '^]'.
TRACE / HTTP/1.1
Host: foo

**HTTP/1.1 405 Not Allowed**
Server: nginx
Date: Wed, 26 Sep 2012 03:27:09 GMT
Content-Type: text/html
Content-Length: 166
Connection: close

Why can't I receive a 200 response?

flydev

1 Answer


I checked the source and found this comment in the CHANGES file:

Changes with nginx 0.5.17 (02 Apr 2007)
*) Change: now nginx always returns the 405 status for the TRACE method.

And in ngx_http_request.c (current version), a quick check for trace results in lines 1582-1587:

    if (r->method & NGX_HTTP_TRACE) {
        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                      "client sent TRACE method");
        ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED);
        return NGX_ERROR;
    }

Looks like it always returns NGX_HTTP_NOT_ALLOWED if I followed the code right.

Tate Hansen
  • You are right. I could have looked at the source code before I asked my question, what an idiot. Thank you. – flydev Sep 26 '12 at 04:38
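
The thread shows a scanner finding based on the Allow header of an OPTIONS response, while the TRACE request itself gets a 405. As an added example (not part of the original posts or of nginx), the following Python check separates "advertised" from "actually enabled" by parsing both raw responses. The sample responses, the marker value and the X-Trace-Check header name are constructed for illustration.

```python
# Constructed sample responses, modelled on the telnet transcript in the question.
MARKER = b"trace-check-7f3a"  # constructed value the tester would send in a header

OPTIONS_RESP = (b"HTTP/1.1 200 OK\r\nServer: nginx\r\n"
                b"Allow: GET,HEAD,POST,OPTIONS,TRACE\r\nContent-Length: 0\r\n\r\n")
TRACE_405 = (b"HTTP/1.1 405 Not Allowed\r\nServer: nginx\r\n"
             b"Content-Type: text/html\r\nConnection: close\r\n\r\n<html>405</html>")
# Hypothetical server that really implements TRACE: it echoes the request back.
TRACE_200 = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
             b"TRACE / HTTP/1.1\r\nHost: foo\r\nX-Trace-Check: " + MARKER + b"\r\n\r\n")


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def advertised_methods(options_raw):
    """Methods listed in the Allow header of an OPTIONS response."""
    _, headers, _ = parse_response(options_raw)
    allow = headers.get("allow", "")
    return {m.strip().upper() for m in allow.split(",") if m.strip()}


def classify_trace(options_raw, trace_raw, marker):
    """Return 'enabled', 'advertised-only' or 'disabled' for TRACE."""
    status, _, body = parse_response(trace_raw)
    # TRACE is live only if the server answers 200 and echoes our request.
    if status == 200 and marker in body:
        return "enabled"
    if "TRACE" in advertised_methods(options_raw):
        return "advertised-only"  # Allow header says TRACE, request is refused
    return "disabled"


if __name__ == "__main__":
    print(classify_trace(OPTIONS_RESP, TRACE_405, MARKER))
    print(classify_trace(OPTIONS_RESP, TRACE_200, MARKER))
```
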