Nginx – Disabling URL decoding in nginx proxy

nginxrewriteurl

When I browse to this URL: http://localhost:8080/foo/%5B-%5D server (nc -l 8080) receives it as-is:

GET /foo/%5B-%5D HTTP/1.1

However when I proxy this application via nginx (1.1.19):

location /foo {
        proxy_pass    http://localhost:8080/foo;
}

The same request routed through nginx port is forwarded with path decoded:

GET /foo/[-] HTTP/1.1

Decoded square brackets in the GET path are causing the errors in the target server (HTTP Status 400 – Illegal character in path…) as they arrive un-escaped.

Is there a way to disable URL decoding or encode it back so that the target server gets the exact same path when routed through nginx? Some clever URL rewrite rule?

Best Answer

Quoting Valentin V. Bartenev (who should get the full credit for this answer):

A quote from documentation:

If proxy_pass is specified with URI, when passing a request to the server, part of a normalized request URI matching the location is replaced by a URI specified in the directive

If proxy_pass is specified without URI, a request URI is passed to the server in the same form as sent by a client when processing an original request

The correct configuration in your case would be:
location /foo {
   proxy_pass http://localhost:8080;
}

Related Solutions

Nginx reverse proxy + URL rewrite

Any redirect to localhost doesn't make sense from a remote system (e.g. client's Web browser). So the rewrite flags permanent (301) or redirect (302) are not usable in your case.

Please try following setup using a transparent rewrite rule:

location  /foo {
  rewrite /foo/(.*) /$1  break;
  proxy_pass         http://localhost:3200;
  proxy_redirect     off;
  proxy_set_header   Host $host;
}

Use curl -i to test your rewrites. A very subtle change to the rule can cause nginx to perform a redirect.

Nginx $uri is url decoded

With nginx/1.2.1, I wasn't able to reproduce your issue of %20, once decoded into a space, of causing any 400 Bad Request within nginx; perhaps that's coming from upstream?

Regardless, it is actually not that difficult to use the finite-state automaton that is provided through the rewrite directive to stop $uri from containing the decoded request, yet still perform all sorts of transformations of the request.

https://stackoverflow.com/questions/28684300/nginx-pass-proxy-subdirectory-without-url-decoding/37584637#37584637

The idea is that when you change $uri in place, it doesn't get re-decoded. And, as you know, we do already have the undecoded one in $request_uri. What's left is to simply set one to the other, and call it a day.

server {
    listen 2012;
    location /a {
        rewrite ^/a(.*) /f$1 last;
    }
    location /i {
        rewrite ^ $request_uri;
        rewrite ^/i(.*) /f$1 last;
        return 400; #if the second rewrite won't match
    }
    location /f {
        set $url http://127.0.0.1:2016/s?v=h&a=$scheme://$host$uri;
        proxy_pass $url;
    }
}

server {
    listen 2016;
    return 200 $request_uri\n;
}

And, yes, the rewrite ^ $request_uri; part above does do the trick:

% echo localhost:2012/{a,i,f}/h%20w | xargs -n1 curl
/s?v=h&a=http://localhost/f/h w
/s?v=h&a=http://localhost/f/h%20w
/s?v=h&a=http://localhost/f/h w
%

(If you want the "direct" thing to not be decoded, either, then it'll probably be easiest to just make it an "indirect" as well.)

Best Answer

Related Solutions

Nginx reverse proxy + URL rewrite

Nginx $uri is url decoded

Related Topic