Yes but characters in args like = & and ? are allowed and its when they insert more than one occurance of them nginx accepts them and they bypass any caches that you have.
&argument=value | Cache : HIT
&&&arguement===value | Cache : MISS
And when they want to DoS you they will do something like the following.
?random=1
?random=2
?random=3
etc etc
It is easy to bypass the cache when your not suppose to.
http://www.networkflare.com/