reverse proxy replaces square brackets in request

Maxim Dounin mdounin at
Fri Jul 13 19:50:26 UTC 2012


On Fri, Jul 13, 2012 at 12:49:08PM +0200, Isaac Hailperin wrote:

> Hi,
> I have a redirect loop problem with a website that gets reversed
> proxied. It looks like the following is the cause (which I don't
> know how to solve)
> Inspecting the site with httpfox, the request my browser sends looks
> like this:
> My nginx log tells me this:
> /acm/admin/gui_call.php?Object=admin at GuiAdminStartpage&Params%252525252525252525252525255bgui%252525252525252525252525255d=&action=&no_subtitle=1
> HTTP/1.1"
>  HTTP/1.1" 301 486 "" "Mozilla/5.0 (X11;
>  Ubuntu; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1"
> (This repeats over and over until firefox detects the loop)
> To me it looks like somehow nginx changes the square brackets around
> "gui" into "252525252525252525252525255b" and
> "252525252525252525252525255d" respectively. I assume that because
> the script gui_call.php gets wrong parameters, it redirects to
> /acm/ui. /acm/ui calls gui_call.php with wrong paramters, and so on.
> If my interpretation is correct, how can I stop this? If not, what
> is going on here?

The "GET ... HTTP/1.1" in nginx logs is what your browser sent to 
nginx.  Original request from browser likely had 
"...Params=%5bgui%5d..." in it (which is ok as per RFC 3986 square 
brackets must be escaped).

It's not clear why and where additional escaping of a "%" 
character to "%25" happens, but likely in the same code which does 
redirects, i.e. it's probably up to your php script.

Maxim Dounin

More information about the nginx mailing list