Encoded slashes in URL with proxy = trouble?

Hi!

Nginx is in front of the RabbitMQ management extension. Some of the URLs
the extension generates contain en embedded slash character (%2F):

http://somehost/#/queues/%2F/events

The encoded slash represents the vhost I want to get information about.
I found an older ServerFault question with no answer[1], and was
wondering if any of you had a way to let Nginx pass through the encoded
slash?

Thanks!
François

[1]
http://serverfault.com/questions/289188/nginx-passenger-encoded-slash

On Fri, Sep 09, 2011 at 10:47:10AM -0400, Franois Beausoleil wrote:

[1] http://serverfault.com/questions/289188/nginx-passenger-encoded-slash

First, I’m not sure that browser sends to a server anything after
hash character “#”, since hash mean fragment on page.

As to enconded slash, nginx normalizes URI, it decodes all characters
so “/queues/%2F/events” becames “/queues///events” and then it merges
all slashes, “/./”, and “/…/” to test URI against locations.
Otherwise, anyone can request something like
“/%2E%2E%2E…/…/etc/passwd”
to get files out of server control. Or to get source text of the script
files instead of executing then.

If you want to pass unchanged request to backend, you can use just
backend name without slash in proxy_pass:

location /queues/ {
proxy_pass http://backend;
}

i.e.,


Igor S.