Welcome! Log In Create A New Profile

Advanced

Nginx proxy_pass URL-encoding with "unsafe" characters is not working

July 31, 2019 02:26AM
Hi all,

on my Nginx (1.16.0) I noticed the following behavior regarding "unsafe" character in the URL when using the proxy_pass directive:

Some of the "unsafe" characters described in RFC1738 ( "These characters are "{", "}", "|", "\", "^", "~", "[", "]", and "`" ") are encoded, some don't, when they arrive at the tomcat backend.

Using Nginx default configuration and a simple proxy config:


location / {
proxy_pass http://localhost:8080;
}


I'm forwarding the request to a tomcat server running on the same host. I analysed the incoming traffic on tomcat port.

a)
Request:
GET /app/sample/| HTTP/1.1

Tomcat:
GET /app/sample/| HTTP/1.1


b)
Request:
GET /app/sample/{ HTTP/1.1

Tomcat:
GET /app/sample/%7B HTTP/1.1


Apache HTTP encodes apparently all of the above "unsafe" characters, Nginx only some:

Encoded: "{", "}", "\", "^", "`"
Not Encoded: "|", "~", "[", "]"

Is there a logical explanation for this or is it misconduct?
Can URL encoding be enforced?

Regards
Subject Author Posted

Nginx proxy_pass URL-encoding with "unsafe" characters is not working

mightbeanyone July 31, 2019 02:26AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 84
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready