July 15, 2017 05:56AM
Yes but characters in args like = & and ? are allowed and its when they insert more than one occurance of them nginx accepts them and they bypass any caches that you have.

&argument=value | Cache : HIT

&&&arguement===value | Cache : MISS


And when they want to DoS you they will do something like the following.


?random=1
?random=2
?random=3
etc etc

It is easy to bypass the cache when your not suppose to.

http://www.networkflare.com/
Subject Author Posted

Nginx allowed characters inside full URL / URI and ARGS

c0nw0nk July 14, 2017 03:57PM

Re: Nginx allowed characters inside full URL / URI and ARGS

gariac July 14, 2017 07:56PM

Re: Nginx allowed characters inside full URL / URI and ARGS

c0nw0nk July 15, 2017 05:56AM

Re: Nginx allowed characters inside full URL / URI and ARGS

itpp2012 July 15, 2017 06:12AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 125
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready