If there's a query parameter that you have a legitimate use for, like `q` for searching, obviously you should configure your web server to let it through.
Even in that case, you might want to block unexpected values as early as possible in your stack. For example, if you have a legitimate use for a certain set of `utm_source` values, but someone sends you bobby tables, you probably shouldn't log it blindly.
If there's a query parameter that you have a legitimate use for, like `q` for searching, obviously you should configure your web server to let it through.
Even in that case, you might want to block unexpected values as early as possible in your stack. For example, if you have a legitimate use for a certain set of `utm_source` values, but someone sends you bobby tables, you probably shouldn't log it blindly.