I'm facing a problem with character encoding that's affecting our backend routing due to our Web Application Firewall (WAF). The WAF decodes or removes percent-encoded characters like `%2F` before the requests reach NGINX. This causes the requests to get malformed and disrupts the routing that the backend needs.
For instance, when a client sends an initial request such as `https://example.com/api/v1/files%2Fuser%2Fid%2F123`, what actually arrives at NGINX is `https://example.com/api/v1/files/user?id=123`.
Since I can't reconfigure the WAF because of security constraints, I'm hoping to find a solution on the NGINX side.
My questions are:
1. Is there a way to customize NGINX to re-encode specific characters in the URI before it proxies the request?
2. Would this involve default rewrite rules, or do I need specialized plugins?
3. Are there any potential security or performance downsides to implementing URI re-encoding at the proxy level?
For context, I'm running NGINX on CentOS and the internal application is an SFTP server running Syncplify. Any advice or examples would be super helpful!
2 Answers
A possible workaround is to use query parameters instead. If you define a query parameter for the path, the encoding shouldn’t interfere with your system. For example, using something like `/api/v1/files?path=%2Fuser%2Fid%2F123` could help avoid this issue altogether. You can also check if your routing allows you to define a variable for the path like `/api/v1/files/{*path_on_system}` which can simplify the proxying.
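The query-parameter workaround from the answer above, as an added Python example that is not part of the original answer or of any NGINX or Syncplify code. It shows why a proxy cannot re-encode `%2F` after the path has been decoded, and why the `path` parameter survives the same decoding. `decode_once` is an assumed model of an intermediary that percent-decodes once, and the validation rules in `file_path_param` are illustrative.

```python
from urllib.parse import parse_qs, unquote, urlsplit

def decode_once(target: str) -> str:
    """Assumed model of an intermediary that percent-decodes the target once."""
    parts = urlsplit(target)
    query = "?" + unquote(parts.query) if parts.query else ""
    return unquote(parts.path) + query

def path_segments(target: str) -> list:
    """Split on literal '/' first, then decode, so %2F stays inside one segment."""
    return [unquote(s) for s in urlsplit(target).path.split("/") if s]

def file_path_param(target: str) -> str:
    """Read and validate the `path` query parameter before handing it to a backend."""
    values = parse_qs(urlsplit(target).query).get("path", [])
    if len(values) != 1:
        raise ValueError("exactly one path parameter is required")
    value = values[0]
    # A leftover '%' suggests double encoding; NUL and backslash are never needed.
    if not value.startswith("/") or any(c in value for c in ("%", "\x00", "\\")):
        raise ValueError("path must be absolute and fully decoded")
    if any(seg in (".", "..") for seg in value.split("/")):
        raise ValueError("dot segments are not allowed")
    return value

# Constructed sample request targets based on the URLs quoted on this page.
ENCODED = "/api/v1/files%2Fuser%2Fid%2F123"
LITERAL = "/api/v1/files/user/id/123"
QUERY = "/api/v1/files?path=%2Fuser%2Fid%2F123"

if __name__ == "__main__":
    # Before decoding, the encoded slashes are data inside a single segment.
    print(path_segments(ENCODED))
    # After decoding, they are separators: the segment boundary is lost.
    print(path_segments(decode_once(ENCODED)))
    # Two different client requests become identical, so nothing downstream
    # can tell which '/' characters to turn back into %2F.
    print(decode_once(ENCODED) == decode_once(LITERAL))
    # The query parameter yields the same value with or without the decode.
    print(file_path_param(QUERY), file_path_param(decode_once(QUERY)))
```

Because the parameter value becomes a file path on the backend, the traversal and double-encoding checks matter as much as the routing fix.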
It sounds like the WAF is converting paths to query strings, which complicates your routing. Since you need `%2F` to stay as part of your path and not turn into a query string, it might be hard to make that distinction. Have you considered discussing this with your team to see if they can implement a different routing strategy? That could help you work around this issue.
