rewrite causing $ to be escaped

Maxim Dounin mdounin at
Tue Dec 15 01:25:45 UTC 2015


On Mon, Dec 14, 2015 at 04:26:33PM -0800, Sunil Shah wrote:

> We're running Jenkins behind an Nginx reverse proxy and see issues where
> Jenkins running in Tomcat returns 404 because it receives URLs that have $
> encoded as %24. From the Tomcat logs:
> - - [15/Dec/2015:00:15:22 +0000] "POST
> /%24stapler/bound/c43ae9fc-dcca-4fbe-b247-82279fa65d55/render HTTP/1.0" 404
> 992
> If we access Tomcat directly, it does not return a 404 and $ is not encoded:
> - - [15/Dec/2015:00:16:54 +0000] "POST
> /$stapler/bound/95ed7e0f-f703-458a-a456-8bf729670a4a/render HTTP/1.1" 200
> 437
> When I log the $request_uri and $uri variables, it doesn't look like the $
> is being encoded:
> Dec 15 00:15:22 nginx[2732]:
> nginx: [15/Dec/2015:00:15:22
> +0000] Hi Sunil! Request URI:
> /service/jenkins/$stapler/bound/c43ae9fc-dcca-4fbe-b247-82279fa65d55/render
> is now URI: /$stapler/bound/c43ae9fc-dcca-4fbe-b247-82279fa65d55/render
> However, it looks like the rewrite rule in our location block is causing
> the $ to be encoded. If I comment out this block or change the regex so it
> doesn't match, this works.
> Here's the relevant configuration block:
> location ~ ^/service/jenkins/(?<path>.*) {
>             rewrite ^/service/jenkins/?.*$ /$path break;

The '$' character isn't encoded by nginx on rewrites.  If you see 
it encoded - probably something else did it.  Just tested it here, 
and such a configuration sends the following request line to 
upstream server:

GET /$stapler/bound/c43ae9fc-dcca-4fbe-b247-82279fa65d55/render HTTP/1.0

That is, '$' is not escaped.

If in doubt, try looking into debug logs to see what nginx 
actually sent to upstream server, see for details.

Note well that better solution for such URI change would be to use 
static location and proxy_pass with URI component, like this:

    location /service/jenkins/ {

(Note tralinig "/" in proxy_pass.)

No rewrites, no regular expressions, the same result.  May need 
adjustments if you use other conflicting regular expressions in 
your config.  See for details on 
location matching, and for details 
on proxy_pass.


Maxim Dounin

More information about the nginx mailing list