https://issues.apache.org/bugzilla/show_bug.cgi?id=49642
--- Comment #6 from Anders Kaseorg <[email protected]> --- I tried passing every unescaped and escaped character through mod_rewrite in a loop, and came up with this list of escaping problems. RewriteRule ^page/(.*)$ page.cgi/$1 page.cgi/foo%0abar: PATH_INFO="/foo\nbar" page/foo%0abar: 404 page.cgi/foo%23bar: PATH_INFO="/foo#bar" page/foo%23bar: PATH_INFO="/foo" page.cgi/foo%25bar: PATH_INFO="/foo%bar" page/foo%25bar: PATH_INFO="/foo\x{BA}r" page.cgi/foo%3fbar: PATH_INFO="/foo?bar" page/foo%3fbar: PATH_INFO="/foo" QUERY_STRING="bar" (%0a is the regex’s fault in this case, since . doesn’t match newline by default, but the problem doesn’t go away with a more careful regex like (?s)\Apage/(.*)\z .) I’ve seen some people recommend the [B] flag as a solution, so I tried that too. That comes with its own set of problems: RewriteRule ^page/(.*)$ page.cgi/$1 [B] page.cgi/foo%0abar: PATH_INFO="/foo\nbar" page/foo%0abar: 404 page.cgi/foo%20bar: PATH_INFO="/foo bar" page/foo%20bar: PATH_INFO="/foo+bar" page.cgi/foo/bar: PATH_INFO="/foo/bar" page/foo/bar: 404 I’m running apache2 2.4.7-1ubuntu1 on Ubuntu trusty amd64. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
