Encoding URL before passing it on to reverse proxied application

Garbage at gmx.de Garbage at gmx.de
Thu Oct 18 14:18:50 UTC 2018


We are in the process of replacing a rather old web application. The old application used links that look like this:

https://nameofapp/do?param1=A&id={ABC-DEF-GHI}&param2=B

I know that as far as RFC is concerned { and } are not valid characters but unfortunately the application was built that way and we have 100s of 1000s of links that were stored by users and we can't replace them (the links ;-))

The new application is based on Spring Boot and has to be prefixed by a nginx webserver. Nginx takes the URL and proxies it to the Spring Boot application like this:

location / {
  proxy_pass http://localhost:8080;
}

While doing this nginx keeps the { and } in place, then Spring Boots built in security firewall complains about those characters and sends a http status 400. I do not want to switch off this feature (although it would be possible). Instead I search for a way to achieve one of these:

- have nginx "process" the URL and encode the { and } before passing them on. For example this could look like "/do?param1=A&id=%7BABC-DEF-GHI%7D&param2=B"
- have nginx "hide" the complete URL, for example this could like like "/processhiddenvalue?value=ZG8/cGFyYW0xPUEmaWQ9e0FCQy1ERUYtR0hJfSZwYXJhbTI9Qg==" (which is just the base64 encoded URL)

Is one of these approaches possible ?


More information about the nginx mailing list