MIDE11
Reputation: 3530
Avoid CR:LF characters in NGINX
I wish to send all urls with CR:LF characters in NGINX to error page. I try to find how to do it, but didn’t see any nginx support for it. How can I do it?
Upvotes: 3
Views: 2756
Answers (1)
Richard Smith
Reputation: 49692
The CR and LF characters will be encoded as %0D%0A in the $request_uri.
You could detect them by placing an if block near the top of your server block:
server {
...
if ( $request_uri ~* "%0A|%0D" ) { return 403; }
See this caution on the use of if.
Upvotes: 5
Related Questions
- NGINX unescapes %2f to a forward slash. How can I stop it?
- Remove charset in Content-Type header
- How to handle special symbols in nginx
- Stop nginx from decoding URL
- Character encoding with nginx and perl
- How to set access log file encoding in nginx?
- Nginx : UTF-8 charset instead of ISO-8859-1
- Nginx disable or decode url encoding when writing to access log
- nginx urldecoding slashes in url
- nginx change default charset