Não há problema.
I am afraid that people inject
"
in either requests, referrers or user-agents.
"
é representado como \x22
Solicitação:
$ curl 'localhost/"?"="' --header 'User-Agent: "'
linha no log:
[27/Mar/2014:16:14:42 +0400] localhost 127.0.0.1 "GET /\x22?\x22=\x22 HTTP/1.1" 200 "-" "\x22" "-" "/index.html"
UPDATE
Do changelog nginx
Mudanças com o nginx 1.1.6 17 out 2011
*) Change: now the 0x7F-0x1F characters are escaped as \xXX in an
access_log.
Mudanças com o nginx 0.7.0 19 de maio de 2008
*) Change: now the 0x00-0x1F, '"' and '\' characters are escaped as \xXX
in an access_log.
Thanks to Maxim Dounin.