id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
670	%0a. routing bypass	Adam Surak		"Hello,

I have noticed the following issue in my logs:

{{{
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /cgi.cgi/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24802 open() ""/home/prod/prod/config/html/webcgi/scripts/*
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /webcgi/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24803 open() ""/home/prod/prod/config/html/cgi-914/scripts/*
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /cgi-914/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24804 open() ""/home/prod/prod/config/html/cgi-915/scripts/*
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /cgi-915/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24805 open() ""/home/prod/prod/config/html/bin/scripts/*
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /bin/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24806 open() ""/home/prod/prod/config/html/cgi/scripts/*
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /cgi/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24807 open() ""/home/prod/prod/config/html/mpcgi/scripts/*
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /mpcgi/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24808 open() ""/home/prod/prod/config/html/cgi-bin/scripts/*
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /cgi-bin/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24809 open() ""/home/prod/prod/config/html/ows-bin/scripts/*
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /ows-bin/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24810 open() ""/home/prod/prod/config/html/cgi-sys/scripts/*
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /cgi-sys/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24811 open() ""/home/prod/prod/config/html/cgi-local/scripts/*
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /cgi-local/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24812 open() ""/home/prod/prod/config/html/htbin/scripts/*
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /htbin/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24813 open() ""/home/prod/prod/config/html/cgibin/scripts/*
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /cgibin/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24814 open() ""/home/prod/prod/config/html/cgis/scripts/*
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /cgis/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24815 open() ""/home/prod/prod/config/html/scripts/scripts/*
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /scripts/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24816 open() ""/home/prod/prod/config/html/cgi-win/scripts/*
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /cgi-win/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24817 open() ""/home/prod/prod/config/html/fcgi-bin/scripts/*
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /fcgi-bin/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24818 open() ""/home/prod/prod/config/html/cgi-exe/scripts/*
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /cgi-exe/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24819 open() ""/home/prod/prod/config/html/cgi-home/scripts/*
.pl"" failed (2: No such file or directory), client: 37.187.28.218, server: apieu1.algolia.com, request: ""GET /cgi-home/scripts/*%0a.pl HTTP/1.0"", host: ""***""
2014/11/22 20:33:38 [error] 8963#0: *24820 open() ""/home/prod/prod/config/html/cgi-perl/scripts/*
}}}

My nginx.conf allows:
{{{
/1/
/_
/ - redirect to /1/404
}}}

The sequence that triggers this problem is ""%0a."" in the URL. After that, nginx starts to look for files on the filesystem.

"	defect	closed	major		nginx-core	1.6.x	invalid			Linux c5-eu-3.algolia.io 3.10.23-xxxx-std-ipv6-64 #1 SMP Tue Mar 18 14:48:24 CET 2014 x86_64 x86_64 x86_64 GNU/Linux	"nginx version: nginx/1.6.2
built by gcc 4.8.2 (Ubuntu 4.8.2-19ubuntu1) 
TLS SNI support enabled
configure arguments: --with-http_stub_status_module --with-http_gzip_static_module --with-http_ssl_module --add-module=../../algolia --add-module=../headers-more-nginx-module-0.22 --with-ipv6"
