url encode "/" to "%2F" in template


Jenius_Yang

Jul 24, 2018, 2:29:47 AM
to rabbitmq-users
Hi~ 
@rabbitmq 

Since a URL that includes the vhost "/" will have it encoded to "%2F", like /// -> /%2F/, just for HTTP security,

but nginx will decode "%2F" to "/", so if the URL passes through nginx it becomes "///", so I couldn't proxy_pass it to the backend server (Tomcat), because applications intentionally reject URIs with an encoded slash (%2F for / and %5C for \) to prevent possible security vulnerabilities.

When I use rabbit-management I can't operate on queues or exchanges related to vhost="/"; I just receive an HTTP 400 error. For the "/" encoding, can it be changed from %2F to %252F? Or just add some compatibility!

Hoping for your reply, or please give me some suggestions.

Best regards

Michael Klishin

Jul 24, 2018, 7:37:13 AM
to rabbitm...@googlegroups.com
You have three options:

 * Use Nginx variables that do not perform percent encoding/decoding for proxying
 * Change default virtual host name
 * Delete the / vhost and add a new one and grant the permissions you need to it instead of /

There is absolutely nothing special about the “/” vhost except that

 * It is created on node’s first start
 * It is set to be the “default vhost” by default so some plugins will assume they can use it (e.g. rabbitmq-tracing)
--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To post to this group, send email to rabbitm...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenius_Yang

Jul 25, 2018, 1:47:54 AM
to rabbitmq-users
I have made Nginx not perform percent encoding/decoding, and when the URL reaches the Tomcat server as "XX/%2F/XX", it is rejected and HTTP 400 is returned.

Michael Klishin

Jul 25, 2018, 9:51:29 AM
to rabbitm...@googlegroups.com
You can do that only for specific locations (or server) that talk to RabbitMQ.

Like I said, you can override the name of the default virtual host:

or delete it and create another one during deployment.

--
MK

Staff Software Engineer, Pivotal/RabbitMQ
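
The first option from the replies above, scoped to only the locations that talk to RabbitMQ, sketched as an nginx configuration. This is an added example, not part of the original thread or of RabbitMQ's own documentation; the upstream address, listen port, location prefixes and the queue name `orders` are assumptions.

```nginx
# Constructed example: addresses, ports and prefixes are assumptions.
upstream rabbitmq_mgmt {
    server 127.0.0.1:15672;   # default port of the RabbitMQ management plugin
}

server {
    listen 8080;

    # Loses the encoding: proxy_pass has a URI part ("/"), so nginx replaces
    # the matched prefix in its normalized, percent-decoded copy of the URI.
    # A request for /mq-decoded/api/queues/%2F/orders reaches the backend
    # with the vhost segment turned into literal slashes.
    location /mq-decoded/ {
        proxy_pass http://rabbitmq_mgmt/;
    }

    # Keeps the encoding: proxy_pass has no URI part, so the request URI is
    # forwarded in the same form the client sent it (%2F stays %2F).
    location /api/ {
        proxy_pass http://rabbitmq_mgmt;
    }

    # Keeps the encoding while stripping a prefix: match against $request_uri,
    # which holds the original, undecoded URI including the query string,
    # and pass the captured remainder as is.
    location /rabbitmq/ {
        if ($request_uri ~ ^/rabbitmq/(.*)$) {
            proxy_pass http://rabbitmq_mgmt/$1;
        }
    }
}
```

Other locations on the same server keep nginx's normal URI handling, so backends that reject encoded slashes are not exposed to them.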