A bad HTTP client isn't escaping hash signs and is sending them to nginx, like so:
GET /foo/escaped#stuff
Instead of:
GET /foo/escaped%23stuff
This breaks my nginx configuration, since nginx strips the text after the # in the proxy_pass directive. How do I escape the hash sign?
- Using return 200 "$request_uri"; does show me that nginx is reading it, so it seems like it's possible. Nginx, however, ignores it in location blocks, so I can't actually match it with anything. You can use the below code to send unescaped HTTP GET requests in Python:
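import socket

def get(host, port, uri):
    # Send the URI exactly as given (no percent-encoding) over a raw TCP socket.
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.connect((host, port))
    request = 'GET {} HTTP/1.0\r\nHost: {}\r\n\r\n'.format(uri, host)
    # Sockets take bytes, and sendall() writes the whole request.
    sock.sendall(request.encode('ascii'))
    # Return up to the first 1000 bytes of the response.
    return sock.recv(1000)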