Languages
[Edit]
EN

Apache 2 - enable encoded slash support in path segments (/ encoding as %2F, e.g. /path/to%2Fendpoint)

7 points
Created by:
Palus-Bear
676

In this short article, we would like to show how in Apache2Ā enableĀ encoded slashes supportĀ inĀ path segments.

By default, it is not permitted to useĀ %2FĀ in path segments, that causes 404 response in Apache2 server, and it is necessary to enable it.

Apache2 with not permitted %2F in URL.
Apache2 with not permitted %2F in URL.

Quick solution:

Add the following line into your host configuration:

<VirtualHost *:80>
    AllowEncodedSlashes On
</VirtualHost>

or:

<VirtualHost *:80>
    AllowEncodedSlashes NoDecode
</VirtualHost>

Warning: be careful using %2F in the paths, because some software may do not interpret it well,
e.g. some bots that crawl your website may decode URLs before calling your pages.

Ā 

Available cases

This section contains description for possibleĀ AllowEncodedSlashes values that allows using encoded slashes in URLs.

VirtualHost ConfigurationDescription
<VirtualHost *:80>
    ...
    AllowEncodedSlashes On
    ...
</VirtualHost>

In thatĀ configuration URLs with %2F are accepted, andĀ encoded slashes are decoded like all other encoded characters.

It means: /path%2Fto%2Fapi will be decoded to /path/to/api and passed to the web application logic.

<VirtualHost *:80>
    ...
    AllowEncodedSlashes NoDecode
    ...
</VirtualHost>

In thatĀ configuration URLs with %2F are accepted, but encoded slashes are not decoded but left in their encoded state.

It means: /path%2Fto%2Fapi will be not decoded but passed to the web application logic with %2F.

Sometimes it is necessary to allow slashes usage with proxy, which can lead to useĀ nocanon parameter in ProxyPass.

Example:

<VirtualHost *:80>
    ...
    AllowEncodedSlashes NoDecode
    ...
    ProxyPass /proxy http://127.0.0.1:8080/ nocanon
    ...
</VirtualHost>

Where:Ā http://127.0.0.1:8080/ receives URLs with %2F codes.Ā 

References

  1. AllowEncodedSlashes - Apache2 Docs
  2. Apache Module mod_proxy - Apache2 Docs

Native Advertising
šŸš€
Get your tech brand or product in front of software developers.
For more information Contact us
Dirask - we help you to
solve coding problems.
Ask question.

ā¤ļøšŸ’» šŸ™‚

Join