On Fri, 10 Mar 2023, Eric Covener wrote:
Saw another report on users@
Any thoughts on something like this to just allow spaces?
http://people.apache.org/~covener/patches/rewrite-lax.diff
(this is off my $bigco fork so may not actually apply)
On Thu, Mar 9, 2023 at 3:08 PM BUSH Steve <steven.b...@3ds.com> wrote:
Maybe we can slip an additional entry into the changelog.
I think in this case, for now at least, we'd primarily rely on the error_log
entry. Did this produce the new AH10410?
Yes, the error log did include the AH10410 message.
URL encoding the spaces either as \%20 (path or query string) or + (query
string) does eliminate the problem for our mappings.
From: Eric Covener <cove...@gmail.com>
Sent: Wednesday, March 8, 2023 8:31 PM
To: dev@httpd.apache.org
Subject: Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56
On Wed, Mar 8, 2023 at 11: 02 PM BUSH Steve <Steven. BUSH@ 3ds. com> wrote:
Correction! I used our test template for the rule when I e-mailed just now, but once
it is converted to the apache httpd. conf format, the actual rule appears in the
ZjQcmQR
YFpfptBannerEnd
On Wed, Mar 8, 2023 at 11:02 PM BUSH Steve <steven.b...@3ds.com> wrote:
Correction!
I used our test template for the rule when I e-mailed just now, but once it is
converted to the apache httpd.conf format, the actual rule appears in the
httpd.conf as:
RewriteRule ^/zoology/animals/reset/(\d+)$ "/auth/launchjob?Number of
Records=$1&__poolid=animal-magic" [B,PT,L,QSA]
Thanks for the report. Time will tell, but I think this is a very fringe
case. The space isn't a backreference (where `B` would have fixed it) and a
literal with a space in the substitution has to be quite rare (famous last
words)
I just looked at the mod_rewrite.c source differences from 2.4.55 to 2.4.56 and
it’s clear that the use of spaces in the query string of the mapped URL are the
cause of the 403 forbidden messages.
We can update our httpd.conf mapping code, so it won’t be a problem for us, but
it might be worth updating the mod_rewrite documentation on this?
Maybe we can slip an additional entry into the changelog.
I think in this case, for now at least, we'd primarily rely on the error_log
entry. Did this produce the new AH10410?
This email and any attachments are intended solely for the use of the
individual or entity to whom it is addressed and may be confidential and/or
privileged.
If you are not one of the named recipients or have received this email in error,
(i) you should not read, disclose, or copy it,
(ii) please notify sender of your receipt by reply email and delete this email
and all attachments,
(iii) Dassault Systèmes does not accept or assume any liability or
responsibility for any use of or reliance on this email.
Please be informed that your personal data are processed according to our data
privacy policy as described on our website. Should you have any questions
related to personal data protection, please contact 3DS Data Protection Officer
https://www.3ds.com/privacy-policy/contact/
I found now in https://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_b
that the RewriteRule flag B allows also to specify special characters to
be escaped:
In 2.4.26 and later, you can limit the escaping to specific characters in
backreferences by listing them: [B=#?;]. Note: The space character can be
used in the list of characters to escape, but it cannot be the last
character in the list.
At first I had problems to specify a space character but I found that
escaping them helps. To circumvent the above mentioned restriction
regarding the space character I used as a hack simply two ones so using
the additionally flag
[B=\ \ ]
helped at least in my case as workaround (but not yet properly tested for
side effects).
Jens
