Nginx 代理在 & 字符处截断 GET 请求

Nginx 代理在 & 字符处截断 GET 请求

我们使用 Nginx 作为反向代理。当包含 & 字符的请求通过代理时,它会在该点被截断。以下是数据包捕获中的 HTTP 请求标头,显示了正在发生的事情:

16:55:01.358854 IP (tos 0x0, ttl 64, id 29879, offset 0, flags [DF], proto TCP (6), length 223)
    226166-5.50452 > 192.168.0.3.http: Flags [P.], cksum 0x168e (incorrect -> 0xea18), seq 1:172, ack 1, win 229, options [nop,nop,TS val 317402706 ecr 653213440], length 171: HTTP, length: 171
    GET /UploadService/UploadService.svc/GetFile?associateId=f84c53b6-823d-4e52-aca4-d7e268a61712 HTTP/1.1
    Host: cfmapi.ourdomain.com
    User-Agent: curl/7.47.0
    Accept: */*

代理 GET 请求中的完整 URL 应为:

/UploadService/UploadService.svc/GetFile?associateId=f84c53b6-823d-4e52-aca4-d7e268a61712&filename=c92aed2a-d859-4050-9e6b-8a60428b720e.pdf

我们的 Nginx 配置中的代理部分是:

location /cfmapi/ {
    proxy_pass http://cfmapi.ourdomain.com/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Protocol $scheme;
    proxy_redirect default;
    } #End location

(域名故意更改。)

知道是什么原因导致了这种截断以及如何阻止它吗?

$ nginx -V
nginx version: nginx/1.14.2
built with OpenSSL 1.0.2g  1 Mar 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-u35_og/nginx-1.14.2/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx-u35_og/nginx-1.14.2/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx-u35_og/nginx-1.14.2/debian/modules/http-echo --add-dynamic-module=/build/nginx-u35_og/nginx-1.14.2/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx-u35_og/nginx-1.14.2/debian/modules/http-subs-filter

相关内容