Skip to main content
Support

KB Article #177261

http.raw.querystring is blank when the querystring contains illegal, unencoded characters

Problem

* The value of http.raw.querystring is blanked when the incoming request contains illegal characters that have not been percent encoded.

Resolution

-- This is expected behavior to ensure that the API Gateway does not emit non-RFC-compliant requests. You cannot obtain the original, invalid value via policy in any way. To prevent this from creating a problem, either reject requests where the query string is blank and it should not be, or ensure that all incoming requests are properly percent encoded and comply with the query string grammar in RFC 3986, specifically:

pct-encoded = "%" HEXDIG HEXDIG
sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
/ "*" / "+" / "," / ";" / "="
unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
query = *( pchar / "/" / "?" )