Cannot match %2F in mod_rewrite

I have a set of rewrite rules (in a .htaccess) something like this:

RewriteRule ^list/vendor/(.*)$ list.php?vendor=$1
RewriteRule ^list/product/(.*)$ list.php?product=$1
RewriteRule ^list/(.*)$ list.php?search=$1

(I don't think the first two are relevant to my question, though).

When I type in myserver.com/list/foo%2Cbar or even myserver.com/list/foo/bar, I get the results I expect: list.php is called with foo,bar and foo/bar in $_GET['search'].

But if I type in myserver.com/list/foo%2Fbar, it seems that the rule doesn't match! I get a 404 error instead. What can be going on here? Apache 2.2.14, if it matters.

(I tried in Firefox and Chrome, same results -- but it could be the browser acting up, of course).

Mountford answered 25/9, 2011 at 9:46 Comment(2)
Could it be that Apache doesn't even look in my .htaccess file in this case? That would be a bug, I guess... - Mountford
Error log contains (at info level): found %2f (encoded '/') in URI ... returning 404 - Snarl

Bah, I found it... Apache option AllowEncodedSlashes, which cannot be set per directory or from .htaccess, and which is Off by default.

Build-a-workaround time, if I can't get the hosting guys to turn it on in my virtual server.

Mountford answered 25/9, 2011 at 10:24 Comment(2)
When you do not want or it's impossible to change the server configuration you could replace all / characters by - before creating the URL. This won't be encoded as a %xx character. When you need the original string just replace the - with / again. - Nefarious
I've just run into the exact same problem trying to pass a URL as a parameter in a mod_rewrite URL. My solution was to double urlencode the URL I'm trying to pass, then at the receiving end I decode it. I'm using JavaScript and PHP so on the JavaScript end I use encodeURIComponent(encodeURIComponent(urlToBePassed)) so that what actually gets passed as the parameter is http://example.com/url/http%253A%252F%252Ftheurl.being.passed.com%252FsomeDir%252FsomeImage.png. A bit convoluted but seems to work. - Devondevona
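
The two workarounds from the comments above, modelled in JavaScript as an added example (not code from any of the posters). All function names are hypothetical, and `apacheRejects` only models the 404 reported in the quoted error log line; the sample values are constructed.

```javascript
// Added example: a model of the two workarounds, not Apache's own logic.
// All function names are hypothetical.

// Models the behaviour in the quoted log line: with AllowEncodedSlashes Off,
// a request path containing %2f (any case) is answered with 404.
function apacheRejects(rawPath) {
  return /%2f/i.test(rawPath);
}

// Workaround A (double encoding): the sender encodes the value twice,
// so the slash travels as %252F and no %2f appears in the raw path.
function buildDoubleEncoded(prefix, value) {
  return prefix + encodeURIComponent(encodeURIComponent(value));
}

// Receiving side, modelled: one decode by the server, one by the application.
function receive(rawPath, prefix) {
  if (apacheRejects(rawPath)) return { status: 404, value: null };
  const decodedOnce = decodeURIComponent(rawPath).slice(prefix.length);
  return { status: 200, value: decodeURIComponent(decodedOnce) };
}

// Workaround B (substitution): swap "/" for "-" before building the URL
// and swap back on arrival. Lossy when the value already contains "-".
function dashEncode(value) { return value.replace(/\//g, "-"); }
function dashDecode(value) { return value.replace(/-/g, "/"); }

// Constructed sample values.
const PREFIX = "/list/";
const single = PREFIX + encodeURIComponent("foo/bar");   // /list/foo%2Fbar
const double = buildDoubleEncoded(PREFIX, "foo/bar");    // /list/foo%252Fbar

console.log(single, receive(single, PREFIX));
console.log(double, receive(double, PREFIX));
console.log(dashDecode(dashEncode("foo/bar")));          // round-trips
console.log(dashDecode(dashEncode("foo-bar/baz")));      // original "-" is lost
```

Because the double-encoded value is decoded twice, any validation of it has to run on the final decoded string. The substitution workaround is only safe for values that can never contain `-`.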
