Nginx allowed characters inside full URL / URI and ARGS

c0nw0nk nginx-forum at
Sat Jul 15 09:56:21 UTC 2017

Yes but characters in args like = & and ? are allowed and its when they
insert more than one occurance of them nginx accepts them and they bypass
any caches that you have.

&argument=value | Cache : HIT

&&&arguement===value | Cache : MISS

And when they want to DoS you they will do something like the following.

etc etc

It is easy to bypass the cache when your not suppose to.

Posted at Nginx Forum:,275500,275509#msg-275509

More information about the nginx mailing list