Hi all,
on my Nginx (1.16.0) I noticed the following behavior regarding "unsafe" character in the URL when using the proxy_pass directive:
Some of the "unsafe" characters described in RFC1738 ( "These characters are "{", "}", "|", "\", "^", "~", "[", "]", and "`" ") are encoded, some don't, when they arrive at the tomcat backend.
Using Nginx default configuration and a simple proxy config:
location / {
proxy_pass http://localhost:8080;
}
I'm forwarding the request to a tomcat server running on the same host. I analysed the incoming traffic on tomcat port.
a)
Request:
GET /app/sample/| HTTP/1.1
Tomcat:
GET /app/sample/| HTTP/1.1
b)
Request:
GET /app/sample/{ HTTP/1.1
Tomcat:
GET /app/sample/%7B HTTP/1.1
Apache HTTP encodes apparently all of the above "unsafe" characters, Nginx only some:
Encoded: "{", "}", "\", "^", "`"
Not Encoded: "|", "~", "[", "]"
Is there a logical explanation for this or is it misconduct?
Can URL encoding be enforced?
Regards