nginx - nginx在反向代理中重写括号
问题描述
我们刚刚在反向代理设置中发现 nginx 正在将 URL 编码的括号重写为代理请求中的真实括号。例如,https://foo/a/b/test%20%5BTEST%5D.png 在代理到后端时会被重写为 /a/b/test%20[TEST].png。
我的配置很简单:
location /a/b/ {
proxy_pass http://localhost:8082/;
proxy_connect_timeout 15s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_header Referer;
proxy_pass_header User-Agent;
add_header Strict-Transport-Security "max-age=31536000";
client_max_body_size 1024m;
}
访问日志中的传入请求是:
172.16.141.8 - - [13/May/2021:10:07:37 -0400] "GET /a/b/test%20%5BTEST%5D.png HTTP/1.1" 400 800 "https://[referrer]" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"
上游日志显示:
172.16.141.8 - - [13/May/2021:10:07:37 -0400] "GET /a/b/test%20%5BTEST%5D.png HTTP/1.1" 400 1386 127.0.0.1:8082
并且在端口 8082(代理的目标)的请求的网络跟踪是:
10:07:37.903863 IP 127.0.0.1.53518 > 127.0.0.1.8082: Flags [P.], seq 1:2308, ack 1, win 342, options [nop,nop,TS val 276559597 ecr 276559597], length 2307
E. 7.y@.@..E.............6.........V.,.....
.{...{..GET /a/b/test%20[TEST].png HTTP/1.0
X-Real-IP: 172.16.141.8
X-Forwarded-For: 172.16.141.8
X-Forwarded-Proto: https
Host: localhost:8082
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: https://[referrer]
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
为什么 nginx 将编码的括号重写为实际的括号?它没有触及 URL 中的空间,因此出于某种原因,它肯定会选择性地重写它。我正在运行 nginx 版本 1.16.1。
谢谢!