Home / server / Questions / 1064885
Accepted
eckza
Asked: 2021-05-28 06:57:00 +0800 CST

nginx: selectively stripping URL params

  • 772

Some of the customers of the e-commerce website that I manage are behind a ZScaler firewall, and it appends garbage query params to all outgoing requests; so when my website makes a HTTP GET request like:

/api/cartinventoryitems?cartsummaryid=eq.1234

It comes through to nginx as:

/api/cartinventoryitems?cartsummaryid=eq.1234&_sm_byp=iVVJvVj6nqJDqQj5

The endpoint behind my /api/ location does not like this, so I am trying to strip it out.

Right now, I am trying to use rewrite at the head of my server block, like so:

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        rewrite ^(.*)([&?]_sm_byp=\w+) $1 last;
        ...
}

But it doesn't seem to be working. Any help would be appreciated.

rewrite nginx

1 Answers

  1. Best Answer

    rewrite (as well as location) nginx directives works with so-called normalized URI which is not included the query part of request (other normalization steps includes decoding the text encoded in the URL-encoded “%XX” form, resolving references to relative path components “.” and “..”, and possible compression of two or more adjacent slashes into a single slash). You should change $args nginx variable instead. Using your regex it would look like

    if ($args ~ ^(.*)(&?_sm_byp=\w+)) {
    set $args $1;
}

    Change from [&?] to &? isn't a mistake. It is made because $args variable does not include the question sign, so & character can be present if _sm_byp query argument isn't the only one or can be absent otherwise.

    I can suggest more advanced regex (authored by myself) which allows to cut some query argument from the query string no matter it is at the beginning, in the middle or at the end of that string:

    if ($args ~ (.*)(^|&)_sm_byp=[^&]*(\2|$)&?(.*)) {
    set $args $1$3$4;
}
    • 2