[users@httpd] URL escape bug : % and %25 ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

I recently upgraded to apache 2.2.2 from 2.0.53.

Before this upgrade I had a special trick to solve the owa url escaping
problem (it does not escape an url as it should, see RFC). The trick was to
unescape the url and re-escape it again using apache reverse proxy. This was
achieved by the unescape and escape maps. This worked fine in 2.0.53.

In 2.2.2 however for some reason after the re-escaping was done, each % sign
is escaped to %25 before it is sent to the server on the lan. The rewrite
logs (loglevel 9) shows a correctly escaped url which is sent to the server
on the lan. A tcpdump however shows the extra encoding of each % sign.

Disabling the escape and unescape maps in the config stops this weird
behavior, but still sends incorrectly escaped urls through to the owa (due
to erroneous escaping of the owa itself) so this is not a solution.

This seems like a bug to me. Can anyone confirm this behavior and possible
solve this?

This is shown in the rewrite log: 

map lookup OK: map=unescape key=/exchange/pv/Postvak IN/ ->
val=/exchange/pv/Postvak IN/
map lookup OK: map=escape key=/exchange/pv/Postvak IN/ ->
val=/exchange/pv/Postvak%20IN/

...

forcing proxy-throughput with
http://xx.xx.xx.xx:80/exchange/pv/Postvak%20IN/
go-ahead with proxy request
proxy:http://xx.xx.xx.xx:80/exchange/pv/Postvak%20IN/ [OK]


This is shown in the tcpdump : 

PROPFIND /exchange/pv/Postvak%2520IN/ HTTP/1.1



Kind regards,
Pieter


--
---------------------------------------------------
Able: 1996-2006: already 10 safe years in YOUR company!

aXs GUARD has completed security and anti-virus checks on this e-mail (http://www.axsguard.com)
---------------------------------------------------
Able NV: ond.nr 0457.938.087
RPR Mechelen


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux