diff --git a/root/defaults/authelia-server.conf b/root/defaults/authelia-server.conf
index 8bd63d07..1f5c547a 100644
--- a/root/defaults/authelia-server.conf
+++ b/root/defaults/authelia-server.conf
@@ -10,7 +10,7 @@ location ^~ /authelia {
 location = /authelia/api/verify {
 internal;
- if ($request_uri ~ [^a-zA-Z0-9_+-=\!@$%&*?~.:#'\;\(\)\[\]]) {
+ if ($request_uri ~ [^a-zA-Z0-9_+-=\!@$%&*?~.:#'\;\(\)\[\]\{\}]) {
 return 401;
 }
 include /config/nginx/resolver.conf;
diff --git a/root/etc/cont-init.d/50-config b/root/etc/cont-init.d/50-config
index 9401ee00..1d6b25d0 100644
--- a/root/etc/cont-init.d/50-config
+++ b/root/etc/cont-init.d/50-config
@@ -109,7 +109,7 @@ fi
 # patch authelia-server.conf for CVE-2021-32637
 if ! grep -q 'if ($request_uri ~' /config/nginx/authelia-server.conf; then
- sed -i '/internal;/a \ \ \ \ if ($request_uri ~ [^a-zA-Z0-9_+-=\\!@$%&*?~.:#'\''\\;\\(\\)\\[\\]]) { return 401; }' /config/nginx/authelia-server.conf
+ sed -i '/internal;/a \ \ \ \ if ($request_uri ~ [^a-zA-Z0-9_+-=\\!@$%&*?~.:#'\''\\;\\(\\)\\[\\]\\{\\}]) { return 401; }' /config/nginx/authelia-server.conf
 fi
 # copy pre-generated dhparams or generate if needed
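Review bot: The character class on the new `if ($request_uri ~ ...)` line still contains `+-=`, which the regex engine reads as a range from `+` to `=` rather than three literals, so the allowlist admits `,`, `/` and `<` without listing them, and that makes this CVE-2021-32637 filter hard to audit each time it is widened, as it is here for `{` and `}`. I would add a comment above the check, for example `# "+-=" is a range (+ through =): it is what admits "/" and ",", and also "<"; keep in sync with the sed line in 50-config`, and record there why braces need to pass. The nginx rewrite-module documentation advises quoting a regex that contains `}` or `;`; the backslash escapes presumably parse as intended, but running `nginx -t` against the new default would confirm it. The enclosing `location = /authelia/api/verify` block continues past the end of the hunk.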
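Review bot: The guard `if ! grep -q 'if ($request_uri ~' ...` runs the `sed` only when the check is missing altogether, so a `/config/nginx/authelia-server.conf` that already carries the earlier class (without `\{\}`) is left untouched and keeps returning 401 for URIs that contain braces. If that is intended, say so next to the guard, e.g. `# existing checks are not rewritten; users must update the character class themselves`; otherwise the guard needs a second branch that recognises the old class. The pattern is also maintained twice with different escaping (here and in `root/defaults/authelia-server.conf`), and `/internal;/a` appends after every line matching `internal;`, which looks safe only if the file has a single such line.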