From 351dcbd1867aa272f2c96864e665475b9ff3d449 Mon Sep 17 00:00:00 2001 From: Romain Date: Mon, 8 Dec 2025 10:44:04 +0100 Subject: [PATCH] Fix encodedCharacters entryPoint option documentation --- docs/content/routing/entrypoints.md | 33 ++++++++++++++------------- docs/content/security/request-path.md | 33 ++++++++++++++------------- 2 files changed, 34 insertions(+), 32 deletions(-) diff --git a/docs/content/routing/entrypoints.md b/docs/content/routing/entrypoints.md index c30e1df1a..908fb08f0 100644 --- a/docs/content/routing/entrypoints.md +++ b/docs/content/routing/entrypoints.md @@ -127,14 +127,15 @@ They can be defined by using a file (YAML or TOML) or CLI arguments. trustedIPs: - "127.0.0.1" - "192.168.0.1" - encodedCharacters: - allowEncodedSlash: true - allowEncodedBackSlash: true - allowEncodedNullCharacter: true - allowEncodedSemicolon: true - allowEncodedPercent: true - allowEncodedQuestionMark: true - allowEncodedHash: true + http: + encodedCharacters: + allowEncodedSlash: true + allowEncodedBackSlash: true + allowEncodedNullCharacter: true + allowEncodedSemicolon: true + allowEncodedPercent: true + allowEncodedQuestionMark: true + allowEncodedHash: true ``` ```toml tab="File (TOML)" @@ -160,7 +161,7 @@ They can be defined by using a file (YAML or TOML) or CLI arguments. [entryPoints.name.forwardedHeaders] insecure = true trustedIPs = ["127.0.0.1", "192.168.0.1"] - [entryPoints.name.encodedCharacters] + [entryPoints.name.http.encodedCharacters] allowEncodedSlash = true allowEncodedBackSlash = true allowEncodedNullCharacter = true @@ -184,13 +185,13 @@ They can be defined by using a file (YAML or TOML) or CLI arguments. --entryPoints.name.proxyProtocol.trustedIPs=127.0.0.1,192.168.0.1 --entryPoints.name.forwardedHeaders.insecure=true --entryPoints.name.forwardedHeaders.trustedIPs=127.0.0.1,192.168.0.1 - --entryPoints.name.encodedCharacters.allowEncodedSlash=true - --entryPoints.name.encodedCharacters.allowEncodedBackSlash=true - --entryPoints.name.encodedCharacters.allowEncodedNullCharacter=true - --entryPoints.name.encodedCharacters.allowEncodedSemicolon=true - --entryPoints.name.encodedCharacters.allowEncodedPercent=true - --entryPoints.name.encodedCharacters.allowEncodedQuestionMark=true - --entryPoints.name.encodedCharacters.allowEncodedHash=true + --entryPoints.name.http.encodedCharacters.allowEncodedSlash=true + --entryPoints.name.http.encodedCharacters.allowEncodedBackSlash=true + --entryPoints.name.http.encodedCharacters.allowEncodedNullCharacter=true + --entryPoints.name.http.encodedCharacters.allowEncodedSemicolon=true + --entryPoints.name.http.encodedCharacters.allowEncodedPercent=true + --entryPoints.name.http.encodedCharacters.allowEncodedQuestionMark=true + --entryPoints.name.http.encodedCharacters.allowEncodedHash=true ``` ### Address diff --git a/docs/content/security/request-path.md b/docs/content/security/request-path.md index 382b10d64..464391356 100644 --- a/docs/content/security/request-path.md +++ b/docs/content/security/request-path.md @@ -93,21 +93,22 @@ All encoded character filtering is enabled by default (`false` means encoded cha entryPoints: websecure: address: ":443" - encodedCharacters: - allowEncodedSlash: false # %2F - Default: false (RECOMMENDED) - allowEncodedBackSlash: false # %5C - Default: false (RECOMMENDED) - allowEncodedNullCharacter: false # %00 - Default: false (RECOMMENDED) - allowEncodedSemicolon: false # %3B - Default: false (RECOMMENDED) - allowEncodedPercent: false # %25 - Default: false (RECOMMENDED) - allowEncodedQuestionMark: false # %3F - Default: false (RECOMMENDED) - allowEncodedHash: false # %23 - Default: false (RECOMMENDED) + http: + encodedCharacters: + allowEncodedSlash: false # %2F - Default: false (RECOMMENDED) + allowEncodedBackSlash: false # %5C - Default: false (RECOMMENDED) + allowEncodedNullCharacter: false # %00 - Default: false (RECOMMENDED) + allowEncodedSemicolon: false # %3B - Default: false (RECOMMENDED) + allowEncodedPercent: false # %25 - Default: false (RECOMMENDED) + allowEncodedQuestionMark: false # %3F - Default: false (RECOMMENDED) + allowEncodedHash: false # %23 - Default: false (RECOMMENDED) ``` ```toml tab="File (TOML)" [entryPoints.websecure] address = ":443" - [entryPoints.websecure.encodedCharacters] + [entryPoints.websecure.http.encodedCharacters] allowEncodedSlash = false allowEncodedBackSlash = false allowEncodedNullCharacter = false @@ -119,11 +120,11 @@ entryPoints: ```bash tab="CLI" --entryPoints.websecure.address=:443 ---entryPoints.websecure.encodedCharacters.allowEncodedSlash=false ---entryPoints.websecure.encodedCharacters.allowEncodedBackSlash=false ---entryPoints.websecure.encodedCharacters.allowEncodedNullCharacter=false ---entryPoints.websecure.encodedCharacters.allowEncodedSemicolon=false ---entryPoints.websecure.encodedCharacters.allowEncodedPercent=false ---entryPoints.websecure.encodedCharacters.allowEncodedQuestionMark=false ---entryPoints.websecure.encodedCharacters.allowEncodedHash=false +--entryPoints.websecure.http.encodedCharacters.allowEncodedSlash=false +--entryPoints.websecure.http.encodedCharacters.allowEncodedBackSlash=false +--entryPoints.websecure.http.encodedCharacters.allowEncodedNullCharacter=false +--entryPoints.websecure.http.encodedCharacters.allowEncodedSemicolon=false +--entryPoints.websecure.http.encodedCharacters.allowEncodedPercent=false +--entryPoints.websecure.http.encodedCharacters.allowEncodedQuestionMark=false +--entryPoints.websecure.http.encodedCharacters.allowEncodedHash=false ```