Nginx allowed characters inside full URL / URI and ARGS
c0nw0nk
nginx-forum at forum.nginx.org
Sat Jul 15 09:56:21 UTC 2017
Yes but characters in args like = & and ? are allowed and its when they
insert more than one occurance of them nginx accepts them and they bypass
any caches that you have.
&argument=value | Cache : HIT
&&&arguement===value | Cache : MISS
And when they want to DoS you they will do something like the following.
?random=1
?random=2
?random=3
etc etc
It is easy to bypass the cache when your not suppose to.
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275500,275509#msg-275509
More information about the nginx
mailing list