1

How to prevent a server from returning an error 400 code error when the URL contains % symbol using NGINX server?

Nginx configuration for my website: 

....
   rewrite ^/download/(.+)$   /download.php?id=$1  last;
....

When I tried to get access to this URL: http://mywebsite.net/download/some-string-100%-for-example I got this error: 

400 Bad Request

With this url : http://mywebsite.net/download/some-string-%25-for-example it's work fine !

AHmedRef
  • 2,555
  • 12
  • 43
  • 75
  • Is it possible for you to show the original link? I want to test the link in my own browser – Aminah Nuraini Apr 12 '16 at 21:32
  • sorry it's not because it's an application hosted on my computer but i get 400 error with this string '100%' in my url, but it's work fine with %20 string – AHmedRef Apr 12 '16 at 21:36

1 Answers1

2

It's because it needs to be URL encoded first.

This will explain: http://www.w3schools.com/tags/ref_urlencode.asp

URLs can only be sent over the Internet using the ASCII character-set.

Since URLs often contain characters outside the ASCII set, the URL has to be converted into a valid ASCII format.

URL encoding replaces unsafe ASCII characters with a "%" followed by two hexadecimal digits. URLs cannot contain spaces. URL encoding normally replaces a space with a plus (+) sign or with %20.

The URL interpreter is confused to see a % without hexadecimals after it.

Why would you think of solving by changing Nginx configuration???

It's impossible to solve from the server side. It's a problem from the client side.

https://headteacherofgreenfield.wordpress.com/2016/03/23/100-celebrations/

In that URL, the title is 100% Celebrations! but the permalink is autogenerated to 100-celebrations. It's because they know putting 100% will cause a URL encode problem.

If even Wordpress doesn't do it your way, then why should you do it?

Community
  • 1
  • 1
Aminah Nuraini
  • 18,120
  • 8
  • 90
  • 108
  • Try change `100%` in the URL to `100%25`. If it works, then I am right – Aminah Nuraini Apr 12 '16 at 21:36
  • https://headteacherofgreenfield.wordpress.com/2016/03/23/100-celebrations/ In that URL, the title is `100% Celebrations!` but the permalink is autogenerated to `100-celebrations`. It's because they know putting `100%` will cause a problem. – Aminah Nuraini Apr 12 '16 at 21:39
  • but your "answer it's not clear yet", wich changes i have to do ? – AHmedRef Apr 12 '16 at 21:43
  • You have to convert your URL to a URL friendly format using a URL encode function. The function depends on which language you are using. This is for python: http://stackoverflow.com/questions/5607551/python-urlencode-string – Aminah Nuraini Apr 12 '16 at 21:46
  • the probleme is that 400 error happened before execute php code so i can't do string encoding, so i should to do something in nginx file configuration, for example check $request_uri and replace % by empty char , really i don't know !! – AHmedRef Apr 12 '16 at 21:49
  • You need to be clearer on what do you mean with `before execute php code`. Please update your question post with the detail of it. From what I know, it can't be solved in Nginx configuration. Even Wordpress doesn't do that. Why would you? This problem should be solved from the client side, not the server. – Aminah Nuraini Apr 12 '16 at 21:55