location regular expression not filtering some characters

CM Fields cmfileds at gmail.com
Tue Jun 19 15:46:32 UTC 2012

I am looking to filter all characters other then those specified in the
"location" regular expression. For example, [\w.]+$ should only allow one or
more letters, numbers, underscore and period just like [a-zA-Z0-9_.]

location ~* ^/data/[\w.]+$  {...}

When I test the url with wget I find the pound (#) and question mark (?) are
allowed through. For example...

This URL is valid and is allowed through
   wget "http://example.com/data/1234.txt"

This URL with the additional "#" should not be allowed thorugh, but it is.
   wget "http://example.com/data/12#34.txt"

Adding a question mark also gets through when it is supposed to be blocked like
the pound "#" above.
   wget "http://example.com/data/12?34.txt"

Are pound (#) and questions mark (?) matches being overridden in Nginx and thus
getting past my regular expression?

Does anyone know of a way to block the "#" or "?" that I am missing?

Just for clarity, I have no need for the "#" or "?" in my script and I can do
checks in the script to exclude these characters if necessary.

More information about the nginx mailing list