Need to allow encoded slashes on Apache

I kept coming across this post for another issue. Let me just explain real quick.

I had the same style URL and was also trying to proxy it.

Example: Proxy requests from /example/ to another server.

/example/http:%2F%2Fwww.someurl.com/

Issue 1: Apache believes that’s an invalid url

Solution: AllowEncodedSlashes On in httpd.conf

Issue 2: Apache decodes the encoded slashes

Solution: AllowEncodedSlashes NoDecode in httpd.conf (Requires Apache 2.3.12+)

Issue 3: mod_proxy attempts to re-encode (double encode) the URL changing %2F to %252F (eg. /example/http:%252F%252Fwww.someurl.com/)

Solution: In httpd.conf use the ProxyPass keyword nocanon to pass the raw URL thru the proxy.

ProxyPass http://anotherserver:8080/example/ nocanon

httpd.conf file:

AllowEncodedSlashes NoDecode

<Location /example/>
  ProxyPass http://anotherserver:8080/example/ nocanon
</Location>

Reference:

  • http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
  • http://www.silverdisc.co.uk/blog/2009/02/28/url-canonicalisation-and-normalisation
  • Cannot match %2F in mod_rewrite

Related Contents:

  1. How to change the default encoding to UTF-8 for Apache
  2. How can I implement rate limiting with Apache? (requests per second)
  3. .htaccess ErrorDocument 404 not showing up
  4. Apache2 ProxyPass for Rails App Gitlab
  5. Authorization header missing in django rest_framework, is apache to blame?
  6. Remove .php extension with .htaccess
  7. Tips for debugging .htaccess rewrite rules
  8. htaccess redirect to https://www
  9. Error message “Forbidden You don’t have permission to access / on this server” [closed]
  10. How to debug Apache mod_rewrite
  11. Apache and Node.js on the Same Server
  12. htaccess remove index.php from url
  13. How can I make PHP display the error instead of giving me 500 Internal Server Error [duplicate]
  14. Https to http redirect using htaccess
  15. How do you increase the max number of concurrent connections in Apache?
  16. Deny access to one specific folder in .htaccess
  17. Apache 301 Redirect and preserving post data
  18. What does RewriteBase do and how to use it?
  19. How to debug .htaccess RewriteRule not working
  20. How to CORS-enable Apache web server (including preflight and custom headers)?
  21. How to force https on elastic beanstalk?
  22. Are square brackets permitted in URLs?
  23. Configure apache to listen on port other than 80
  24. Difference between the Apache HTTP Server and Apache Tomcat? [closed]
  25. How can I pre-compress files with mod_deflate in Apache 2.x?
  26. What is apache’s maximum url length?
  27. How to change port number for apache in WAMP
  28. How to redirect URLs based on query string?
  29. How do I ignore a directory in mod_rewrite?
  30. Understanding Apache’s access log
  31. Case Insensitive URLs with mod_rewrite
  32. WAMP 403 Forbidden message on Windows 7
  33. apache redirect http to https and www to non www
  34. CSS, JS and images do not display with pretty url
  35. How to make static content on Apache be cached by browser and not checked for freshness with every request?
  36. Mod_Rewrite unexpected behavior L flag
  37. How to setup apache server for React route?
  38. How to use vhosts alongside node-http-proxy?
  39. Obsolete cryptography warning from Browser
  40. Apache Server (xampp) doesn’t run on Windows 10 (Port 80)
  41. Apache rewrite based on subdomain
  42. Vagrant’s port forwarding not working [closed]
  43. Apache default VirtualHost
  44. rewrite rules for apache 2 to use with angular js
  45. How to debug an apache virtual host configuration?
  46. htaccess exclude one url from Basic Auth
  47. Multiple RewriteRules for single RewriteCond in .htaccess
  48. How to force Apache to use manually pre-compressed gz file of CSS and JS files?
  49. What web server to use for Lua web development [closed]
  50. htaccess redirect index.php to root (including subdomains)

Leave a Comment