400 Error on % !!

B.R. reallfqq-nginx at yahoo.fr
Mon Nov 23 19:34:41 UTC 2015


The '%' character has a meaning in the HTTP URI grammar, indicating that
the following bytes are hexadecimal value representing a unicode character
(see https://tools.ietf.org/html/rfc3986#section-2.1).
If you try to implement what you suggest, you will basically corrupt URIs
from someone tring to access your website with Unicode-encoded strings,
which might be perfectly valid.

​The only solution I find viable is that you remove percent character from
your URIs which are not representing Unicode characters, for example by
encoding '%'.​ The percent-encoded version of '%' is '%25'.
---
*B. R.*

On Mon, Nov 23, 2015 at 9:40 AM, shahzaib shahzaib <shahzaib.cb at gmail.com>
wrote:

> Hi,
>
>   Thanks for the reply, now we've tons of these URLs which are not
> properly encoded. Can we redirect '%' request to the same URL by excluding
> '%' ? Such as
>
> http://domain.com/video/100%-working
>
> to
>
> http://domain.com/video/100-working
>
> Regards.
> Shahzaib
>
> On Mon, Nov 23, 2015 at 1:20 PM, nanaya <me at myconan.net> wrote:
>
>>
>>
>> On Mon, Nov 23, 2015, at 05:17 PM, shahzaib shahzaib wrote:
>> > Hi,
>> >
>> >    We've encountered with 400 Bad request error on nginx reverse proxy
>> in
>> > front of apache. Here is the attached link :
>> >
>> > http://prntscr.com/95wlsl
>> >
>> > If we remove '%' from the URL, it works fine. What could be the issue ?
>> >
>>
>> `%-` isn't a valid percent-encoding (and thus a bad request). Try
>> encoding the url properly.
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20151123/2c38fba3/attachment.html>


More information about the nginx mailing list