Clarify doc about encodedCharacters rejection

2025-12-09 15:28:04 +01:00 · 2025-12-09 15:28:04 +01:00 · e0e49533ab
commit e0e49533ab
parent 351dcbd186
2 changed files with 9 additions and 1 deletions
--- a/docs/content/migration/v2.md
+++ b/docs/content/migration/v2.md
@ -733,4 +733,7 @@ Here is the list of the encoded characters that are rejected by default, along w
 | `%3f` or `%3F`    | `?` (question mark)     | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedQuestionMark`  |
 | `%23`             | `#` (hash)              | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedHash`          |

+Note: This check is not done against query parameters,
+but only against the request path as defined in [RFC3986 section-3](https://datatracker.ietf.org/doc/html/rfc3986#section-3).
+
 Please check out the entrypoint [encodedCharacters option](../routing/entrypoints.md#encoded-characters) documentation for more details.
--- a/docs/content/routing/entrypoints.md
+++ b/docs/content/routing/entrypoints.md
@ -1021,7 +1021,12 @@ entryPoints:
 ### Encoded Characters

 You can configure Traefik to control the handling of encoded characters in request paths for security purposes.
-By default, Traefik rejects requests containing certain encoded characters that could be used in path traversal or other security attacks.
+By default, Traefik rejects requests with path containing certain encoded characters that could be used in path traversal or other security attacks.
+
+!!! info 
+    
+    This check is not done against the request query parameters,
+    but only against the request path as defined in [RFC3986 section-3](https://datatracker.ietf.org/doc/html/rfc3986#section-3).

 !!! warning "Security Considerations"