Forum: NGINX X-Accel-Redirect is urlencoding my already urlencoded request

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
W. andrew L. (Guest)
on 2008-12-02 00:08
(Received via mailing list)
I use X-Accel-Redirect to proxy requests from my application to
Amazon's S3 while retaining more control over caching and expiration.
To do this, I generate an authenticated S3 URL which looks something
like this:

An example from my applicaiton:

The 'key' (or path as far as nginx is concerned) is already a
urlencoded string, because Amazon's keys are allowed to have spaces,
slashes, dashes etc.

For my use, I strip off the host and tack on an internal address which
then proxies to S3,

location /AWSS3/ {

becomes (done by my Rails application)


The signature is computed from the method, the size of the key and the
key name, so changing the hostname or path has no negative
consequences. Here is my problem, when nginx requests this URL on the
user's behalf it requests it as:

It has encoded the % signs in the path as %25 so the already encoded /
(%2F) becomes %252F which doesn't decode properly into the key on
Amazon's side and I get an error that the Signature does not match.

One solution is to not url encode the path name when I generate my
signature (i.e. make something like
), but this doesn't let me use keys with special characters which I

Is there a way to have nginx NOT change the X-Accel-Redirected request
in anyway?
This topic is locked and can not be replied to.