Summary
I can summarize this chapter in one sentence: do not make a security decision based on the name of something. If you decide to make such decisions, you will make mistakes and create security vulnerabilities. If you must make a decision based on a name, be conservative: determine what is a valid request, look for requests that match that pattern, and reject everything else.
You can never determine all invalid requests, so don't go looking for them!
You have been warned!
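The rule above, as an added example that is not code from the chapter: a check that accepts only names matching a valid pattern, beside a denylist that looks for invalid names. The pattern, the denylist entries and the sample names are all constructed assumptions.

```python
import re

# Assumption: valid requests are lowercase report names such as "q3_sales.txt".
# The pattern and every name below are constructed for illustration.
VALID_NAME = re.compile(r"[a-z0-9_]{1,32}\.(?:txt|log)")

# A denylist of the kind the summary warns against: it can only list the
# invalid forms its author happened to think of.
KNOWN_BAD = ("../", "/", ":")


def allow_by_pattern(name: str) -> bool:
    """Accept only names that match the valid pattern in full."""
    # fullmatch anchors both ends, so a trailing dot or newline is rejected.
    return VALID_NAME.fullmatch(name) is not None


def allow_by_denylist(name: str) -> bool:
    """Accept anything that does not contain a known-bad substring."""
    return not any(bad in name for bad in KNOWN_BAD)


def compare(names):
    """Return {name: (pattern_verdict, denylist_verdict)} for each name."""
    return {n: (allow_by_pattern(n), allow_by_denylist(n)) for n in names}


# Constructed sample requests: one valid name and several near-misses.
SAMPLES = [
    "q3_sales.txt",      # valid
    "q3_sales.txt.",     # trailing dot
    "Q3_SALES.TXT",      # different case
    "..\\q3_sales.txt",  # backslash separator
    "q3_sales.txt\n",    # trailing newline
    "../q3_sales.txt",   # the one form the denylist anticipated
]

if __name__ == "__main__":
    for name, (by_pattern, by_denylist) in compare(SAMPLES).items():
        print(f"{name!r:22} pattern={by_pattern!s:5} denylist={by_denylist}")
```

Only the first sample passes the pattern check, while the denylist lets through every variant it did not list.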