1

A bad HTTP client isn't escaping hash signs and is sending them to nginx, like so:

GET /foo/escaped#stuff

Instead of:

GET /foo/escaped%23stuff

This breaks my nginx configuration, since nginx strips the text after the # in the proxy_pass directive. How do I escape the hash sign?

  • Using return 200 "$request_uri"; does show me that nginx is reading it, so it seems like it's possible. Nginx, however, ignores it in location blocks, so I can't actually match it with anything.

  • You can use the below code to send unescaped HTTP GET requests in Python:

    import socket

def get(host, port, uri):
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.connect((host, port))
    sock.send('GET {} HTTP/1.0\r\nHost: {}\r\n\r\n'.format(uri, host))

    return sock.recv(1000)
Blender
  • 289,723
  • 53
  • 439
  • 496
  • You probably should fix that client. Not escaping `#` is pretty bad. You will never be able to match it with `location` because `/a#b` *is* the same location as `/a#c`. Still, [see the previous question about hash-bangs in URLs](http://stackoverflow.com/questions/5380108/nginx-hashbang-rewrite) – grochmal Aug 10 '16 at 01:53
  • @grochmal: Nothing I can do about the client, unfortunately. If I could fix it, I would. – Blender Aug 10 '16 at 01:59

0 Answers0