Re: mod_rewrite double escaping query strings

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Tom Evans wrote:

On Thu, 2008-10-02 at 16:41 +0100, Tom Evans wrote:

Following up my own email, for the archive, the solution was to add flag
NE to the RewriteRule.

Cheers

Tom


Keeping up my monologue, adding flag NE (no-escape) is still just half a
solution. For an example I created the file %.html in my documentroot,
with the vhost config as below:

  ServerName sweetums
  ServerAlias foofoo
  RewriteEngine On
  RewriteCond %{HTTP_HOST} !^sweetums$
  RewriteRule ^/(.*) http://sweetums/$1 [R=301,L]

I get the following behaviour:
http://foofoo/index.html => http://sweetums/index.html
http://foofoo/index.html?fo=%25 => http://sweetums/index.html?fo=%2525 http://foofoo/%25.html => http://sweetums/%25.html 
So, it is correct for paths containing escaped characters, and incorrect
for query strings containing escaped characters.

If I modify the RewriteRule to add flag NE, then I get this behaviour:
http://foofoo/index.html => http://sweetums/index.html
http://foofoo/index.html?foo=%25 => http://sweetums/index.html?foo=%25 http://foofoo/%25.html?foo=%25 => http://sweetums/%.html?foo=%25 (bad 
request)

So this time, it is incorrect for paths containing escaped characters,
and correct for query strings containing escaped characters.

It seems I can either have the path escaped incorrectly, or the query
string escaped incorrectly, but there are no options to keep both path
and query strings correctly escaped as per the original request.

If someone knows a solution to this, please let me know! Otherwise, I
guess I'll be writing a hostname c14n module..

Cheers

Tom
Looking through the docs, I see the [B] flag for the RewriteRule directive that may work for you (maybe combined with the [NE] flag?). However, I can't get the [B] flag to work in my Apache 2.2 installation :( (it says it's an invalid flag). Maybe you'll have better luck than me.
I'm sure there's a way do do this, but I'm not finding anything obvious in the docs. 

--
Justin Pasher

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux