Special characters in the address bar parameters and special characters in the column parameters

Source: Internet
Author: User

A site deployed with Django + nginx + uwsgi returns a 400 Bad Request error when a certain URL is accessed, but the error does not occur with the development web server that ships with Django. The preliminary conclusion was that the problem lay in the nginx or uwsgi configuration.

The explanation commonly found online is that the request header is too large and the client_header_buffer_size and large_client_header_buffers values configured in nginx are too small. That seemed unlikely here, because the request header was not very large. With no other cause found yet, this fix was tried first.

Add the following two directives to the http section of the nginx configuration file nginx.conf:
client_header_buffer_size 16k;
large_client_header_buffers 4 64k;
By default nginx reads the request header into a buffer of size client_header_buffer_size. If the header does not fit, it uses large_client_header_buffers instead. If these values are too small and the request header or cookie is too large, nginx returns 400 Bad Request.

After adjusting the parameters, reloading the configuration file and restarting uwsgi, the problem was still not solved.
A closer look showed that a parameter in the original request URL contained the special character %. As a result, the web server could not parse the URL correctly and reported this error.

The following characters in the URL have special meanings:
Character   Meaning in a URL                                   Escaped form
+           Indicates a space                                  %2B
space       A space in a URL can be written as + or encoded    %20
/           Separates directories and subdirectories           %2F
?           Separates the actual URL from the parameters       %3F
%           Specifies special characters                       %25
#           Indicates a bookmark                               %23
&           Delimiter between parameters in the URL            %26
=           Assigns the value of a parameter in the URL        %3D

For example, the server constructs a URL containing parameters from the value in the input box of a submitted form:
If the submitted content is "pkgcr+awldb", the URL in the address bar is displayed as "xxx/?q=pkgcr%2Bawldb", that is, the value of the parameter q is actually "pkgcr+awldb".
If the submitted content is "pkgcr awldb", the URL in the address bar is displayed as "xxx/?q=pkgcr+awldb", that is, the value of the parameter q is actually "pkgcr awldb".
If the submitted content is "pkgcr/awldb", the URL in the address bar is displayed as "xxx/?q=pkgcr%2Fawldb", that is, the value of the parameter q is actually "pkgcr/awldb".
If the submitted content is "pkgcr?awldb", the URL in the address bar is displayed as "xxx/?q=pkgcr%3Fawldb", that is, the value of the parameter q is actually "pkgcr?awldb".
If the submitted content is "pkgcr%awldb", the URL in the address bar is displayed as "xxx/?q=pkgcr%25awldb", that is, the value of the parameter q is actually "pkgcr%awldb".
If the submitted content is "pkgcr#awldb", the URL in the address bar is displayed as "xxx/?q=pkgcr%23awldb", that is, the value of the parameter q is actually "pkgcr#awldb".
If the submitted content is "pkgcr&awldb", the URL in the address bar is displayed as "xxx/?q=pkgcr%26awldb", that is, the value of the parameter q is actually "pkgcr&awldb".
If the submitted content is "pkgcr=awldb", the URL in the address bar is displayed as "xxx/?q=pkgcr%3Dawldb", that is, the value of the parameter q is actually "pkgcr=awldb".

What if the URL is constructed directly on the server? For example, a file on the server has a variable ip with the value "172.142.%", and you need to construct a URL on the server for the client to access, such as "href=?ip={ip}&q='mysql'" (assuming that {ip} is how a variable is referenced). What happens when we click this link?

Because the variable ip contains the special character "%", and "%" has a special meaning in a URL, the URL constructed in this way is equivalent to "href=?ip=172.142.%&q=mysql". The web server cannot interpret the % when parsing the URL, which results in an error. For the same reason, unexpected problems can occur when other special characters are included. For example, suppose there is another variable addr with the value "china&america" and the constructed URL is "href=?addr={addr}&q='mysql'". The constructed URL is equivalent to "href=?addr=china&america&q=mysql", and the web server parses the "america" after the first "&" as a separate parameter instead of taking "china&america" as the value of the addr parameter.

How can we include special characters such as %, &, +, and = in a URL when they are needed? The answer is to construct the URL with the corresponding encoding in place of each special character. In the example above, you can replace the ip value with "172.142.%25" and the addr value with "china%26america", so that the constructed URLs are "href=?ip=172.142.%25&q=mysql" and "href=?addr=china%26america&q='mysql'". The value of the parameter ip is then successfully parsed as "172.142.%" and the value of addr as "china&america", without disturbing the parsing of the other parameters.
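
The construction described above, as an added example that is not code from the original article: it builds the query string for the article's ip and addr values by plain concatenation and with the Python standard library's urllib.parse.urlencode, flags any "%" that is not followed by two hex digits, and parses each result back. The function names and the SAMPLE dictionary are assumptions made for illustration.

```python
import re
from urllib.parse import urlencode, parse_qs

# A '%' is only valid in a URL when it is followed by two hex digits.
_BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")


def naive_query(params):
    """Unsafe: plain string concatenation, as in href=?ip={ip}&q=mysql."""
    return "&".join(f"{k}={v}" for k, v in params.items())


def safe_query(params):
    """Percent-encode every key and value before joining them."""
    return urlencode(params)


def malformed_escapes(query):
    """Return the offsets of '%' characters that do not start a valid escape."""
    return [m.start() for m in _BAD_ESCAPE.finditer(query)]


def roundtrip(query):
    """Parse a query string back into a dict (first value of each key)."""
    parsed = parse_qs(query, keep_blank_values=True)
    return {k: v[0] for k, v in parsed.items()}


# Constructed sample values, taken from the article's own examples.
SAMPLE = {"ip": "172.142.%", "addr": "china&america", "q": "mysql"}

if __name__ == "__main__":
    for build in (naive_query, safe_query):
        qs = build(SAMPLE)
        print(build.__name__)
        print("  query string     :", qs)
        print("  malformed '%' at :", malformed_escapes(qs))
        print("  parsed back      :", roundtrip(qs))
```

Python's parse_qs tolerates the bare "%" and passes it through unchanged, whereas the nginx + uwsgi stack in this article rejected the request with 400, so the malformed_escapes check is what surfaces the problem before the link is emitted.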
