Opened 10 years ago
Closed 10 years ago
#614 closed defect (wontfix)
nginx eats "%25" from URL
| Reported by: | puleglot.ya.ru | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.6.x |
| Keywords: | Cc: | ||
| uname -a: | Linux myhostname 2.6.32-531.17.1.lve1.2.60.el6.x86_64 #1 SMP Tue Jul 8 11:25:32 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.6.1
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_spdy_module --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' |
||
Description
'%25' in URL gets decoded by nginx-1.6.1 as empty string, '%25%25' gets decoded as single '%' character. Currently we solved this issue by downgrading to nginx-1.4.7.
Related line from the error log:
2014/08/25 15:49:28 [error] 658511#0: *41842 open() "/home/username/public_html/external_c/ardent/%32/326/326997E7%menu-block.style.css" failed (2: No such file or directory), client: xx.xx.xx.xx, server: , request: "GET /external_c/ardent/%25%2532/326/326997E7%25%25menu-block.style.css?53e695e21cb76 HTTP/1.1", upstream: "http://xx.xx.xx.xx:81/external_c/ardent/%25%2532/326/326997E7%25%25menu-block.style.css?53e695e21cb76", host: "example.com"
Change History (2)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
Starting with nginx 1.5.9, nginx expects escaped URIs in X-Accel-Redirect, see CHANGES:
Changes with nginx 1.5.9 22 Jan 2014
*) Change: now nginx expects escaped URIs in "X-Accel-Redirect" headers.
...
See ticket #316 for some background info on why the change was made (notably, it wasn't possible to return files with the "?" in the name using X-Accel-Redirect). You have to change your backend code accordingly, to return escaped URIs in X-Accel-Redirect headers.
Note that URL is passed to nginx by apache via X-Accel-Redirect header.