nginx return 404 if query param contains special char '<'
Solution 1:
In my tests no matter how I entered the url (encoded or not) it always is encoded in the log file.
Here are two possibilities to accomplish your requirement:
if ($args ~* (param=.*(%3C|%3E).*)) {
return 404;
}
or
In your location
block:
if ($err404) {
return 404;
}
In the http
block (not inside the server
block!):
map $args $err404 {
~param=.*(%3C|%3E).* 1;
default 0;
}