Nginx proxy_pass URL-encoding with "unsafe" characters is not working

mightbeanyone nginx-forum at
Wed Jul 31 06:46:26 UTC 2019

Hi all,

on my Nginx (1.16.0) I noticed the following behavior regarding "unsafe"
character in the URL when using the proxy_pass directive:

Some of the "unsafe" characters described in RFC1738 ( "These characters are
"{", "}", "|", "\", "^", "~", "[", "]", and "`" ") are encoded, some don't,
when they arrive at the tomcat backend.

Using Nginx default configuration and a simple proxy config:

location / {
       proxy_pass http://localhost:8080;

I'm forwarding the request to a tomcat server running on the same host. I
analysed the incoming traffic on tomcat port.

GET /app/sample/| HTTP/1.1

GET /app/sample/| HTTP/1.1

GET /app/sample/{ HTTP/1.1

GET /app/sample/%7B HTTP/1.1

Apache HTTP encodes apparently all of the above "unsafe" characters, Nginx
only some:

Encoded: "{", "}", "\", "^",  "`"
Not Encoded: "|", "~", "[", "]"

Is there a logical explanation for this or is it misconduct?
Can URL encoding be enforced?


Posted at Nginx Forum:,285051,285051#msg-285051

More information about the nginx mailing list