Nginx proxy_pass URL-encoding with "unsafe" characters is not working
mightbeanyone
nginx-forum at forum.nginx.org
Wed Jul 31 06:46:26 UTC 2019
Hi all,
on my Nginx (1.16.0) I noticed the following behavior regarding "unsafe"
character in the URL when using the proxy_pass directive:
Some of the "unsafe" characters described in RFC1738 ( "These characters are
"{", "}", "|", "\", "^", "~", "[", "]", and "`" ") are encoded, some don't,
when they arrive at the tomcat backend.
Using Nginx default configuration and a simple proxy config:
location / {
proxy_pass http://localhost:8080;
}
I'm forwarding the request to a tomcat server running on the same host. I
analysed the incoming traffic on tomcat port.
a)
Request:
GET /app/sample/| HTTP/1.1
Tomcat:
GET /app/sample/| HTTP/1.1
b)
Request:
GET /app/sample/{ HTTP/1.1
Tomcat:
GET /app/sample/%7B HTTP/1.1
Apache HTTP encodes apparently all of the above "unsafe" characters, Nginx
only some:
Encoded: "{", "}", "\", "^", "`"
Not Encoded: "|", "~", "[", "]"
Is there a logical explanation for this or is it misconduct?
Can URL encoding be enforced?
Regards
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285051,285051#msg-285051
More information about the nginx
mailing list