rewrite causing $ to be escaped

Maxim Dounin mdounin at mdounin.ru
Tue Dec 15 01:25:45 UTC 2015 

Hello!

On Mon, Dec 14, 2015 at 04:26:33PM -0800, Sunil Shah wrote:

> We're running Jenkins behind an Nginx reverse proxy and see issues where
> Jenkins running in Tomcat returns 404 because it receives URLs that have $
> encoded as %24. From the Tomcat logs:
> 10.0.7.212 - - [15/Dec/2015:00:15:22 +0000] "POST
> /%24stapler/bound/c43ae9fc-dcca-4fbe-b247-82279fa65d55/render HTTP/1.0" 404
> 992
> 
> If we access Tomcat directly, it does not return a 404 and $ is not encoded:
> 10.0.7.212 - - [15/Dec/2015:00:16:54 +0000] "POST
> /$stapler/bound/95ed7e0f-f703-458a-a456-8bf729670a4a/render HTTP/1.1" 200
> 437
> 
> When I log the $request_uri and $uri variables, it doesn't look like the $
> is being encoded:
> Dec 15 00:15:22 ip-10-0-7-212.us-west-2.compute.internal nginx[2732]:
> ip-10-0-7-212.us-west-2.compute.internal nginx: [15/Dec/2015:00:15:22
> +0000] Hi Sunil! Request URI:
> /service/jenkins/$stapler/bound/c43ae9fc-dcca-4fbe-b247-82279fa65d55/render
> is now URI: /$stapler/bound/c43ae9fc-dcca-4fbe-b247-82279fa65d55/render
> 
> However, it looks like the rewrite rule in our location block is causing
> the $ to be encoded. If I comment out this block or change the regex so it
> doesn't match, this works.
> 
> Here's the relevant configuration block:
> location ~ ^/service/jenkins/(?<path>.*) {
>             rewrite ^/service/jenkins/?.*$ /$path break;

The '$' character isn't encoded by nginx on rewrites.  If you see 
it encoded - probably something else did it.  Just tested it here, 
and such a configuration sends the following request line to 
upstream server:

GET /$stapler/bound/c43ae9fc-dcca-4fbe-b247-82279fa65d55/render HTTP/1.0

That is, '$' is not escaped.

If in doubt, try looking into debug logs to see what nginx 
actually sent to upstream server, see 
http://nginx.org/en/docs/debugging_log.html for details.

Note well that better solution for such URI change would be to use 
static location and proxy_pass with URI component, like this:

    location /service/jenkins/ {
        proxy_pass http://10.0.0.63:10115/;
        ...
    }

(Note tralinig "/" in proxy_pass.)

No rewrites, no regular expressions, the same result.  May need 
adjustments if you use other conflicting regular expressions in 
your config.  See http://nginx.org/r/location for details on 
location matching, and http://nginx.org/r/proxy_pass for details 
on proxy_pass.

[...]

-- 
Maxim Dounin
http://nginx.org/

More information about the nginx mailing list