subject:"Tomcat Rewrite Valve"

RE: [PossibleSpam] Re: Tomcat Rewrite Valve

2016-02-12 Thread Joe Aldrich


>Am 10.02.2016 um 15:23 schrieb Rémy Maucherat:
>> 2016-02-10 15:06 GMT+01:00 Joe Aldrich :
>>
 Am 29.01.2016 15:34, schrieb Joe Aldrich:
> Hello,
>
> I am using Tomcat 8.0.28 on Windows 10 and am having a problem with 
> the Rewrite Value. I must include the escaped form of an ampersand 
> '%26' in the output URL.
>
> My rewrite.config has the following:
>
> RewriteCond %{QUERY_STRING} ^(.*&)?SCID=8(&.*)?$ RewriteRule 
> ^/(product|specs|avail-options|avail-category)\.php$
> /Product.action?select=Model+4+\%26+4C [R=301,L,NE]
>
> I am escaping the percent sign with a backslash, and I have tried 
> using the NE flag. However, Tomcat always is treating the percent 
> symbol as a back reference to the above RewriteCond. If I don't 
> have a second capture group, then I get a 500 error from a 
> NullPointerException.
 The current tomcat code does not allow escaping of percent or dollar sign.

 The parser just looks for percent (or dollar) and applies it either 
 as a
>>> backreference (when it is followed by a digit), or a map.
 I have not found any indication, that escaping is possible with httpd.
 Could you provide a link to the doc, that states it is possible?
>>> In Apache mod_rewrite it is possible per this documentation:
>>> https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#quoting
>>
>> Ok, I added an item for that since the mod_rewrite behavior should be
>> implemented:
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=58988
>The fix will be included in 9.0.0.M4 and 8.0.33. The syntax will be the same 
>as with httpd 2.2 using a backslash to quota a percent sign.
>
>@Joe, could you test the current trunk for 8 or 9?

I tested the truck for Tomcat 8. Escaping '%' or '$' with '\' now works as 
expected according to the documentation.

Thanks for all the help on this,
 Joe

>Regards,
>  Felix
>> Rémy
>>
>>>
 If you are willing to build tomcat yourself, you could try the 
 attached
>>> patch, which will allow escaping of percent signs by specifying them as %%.
 Your example would thus look like
 "/Product.action?select=Model+4+%%26+4C".

 Regards,
   Felix
>>> I will look into applying the patch as I need to be able to redirect 
>>> to URLs that contain %26 in the query string.
>>> Much thanks,
>>> Joe
>>>
> I was working with the documentation on this page:
>
> http://tomcat.apache.org/tomcat-8.0-doc/rewrite.html
>
> The desired output URL would be:
>
> http://www.domain.com/Product.html?select=Model+4+%26+4C
>
> In the example given for the NE flag on the page reference above, 
> the percent sign is escaped by a backslash to prevent it from being 
> treated as a back-reference. This is not working for me. Instead I
> get:
>
> http://www.domain.com/Product.action?select=Model+4+\null6+4C
>
> Where the "null" is due to an empty second back-reference.  I 
> believe this is a bug in that it is not escaping the percent sign 
> (making it impossible to create the %26 in the redirect URL). Or am 
> I misunderstanding something here?
>
> As a side question, shouldn't an empty back-reference be blank 
> instead of adding 'null' to the URL?
>
> Joseph B Aldrich
>
>
> ---
> -- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: [PossibleSpam] Re: Tomcat Rewrite Valve

2016-02-11 Thread Joe Aldrich



>Am 10.02.2016 um 15:23 schrieb Rémy Maucherat:
>> 2016-02-10 15:06 GMT+01:00 Joe Aldrich :
>>
 Am 29.01.2016 15:34, schrieb Joe Aldrich:
> Hello,
>
> I am using Tomcat 8.0.28 on Windows 10 and am having a problem with 
> the Rewrite Value. I must include the escaped form of an ampersand 
> '%26' in the output URL.
>
> My rewrite.config has the following:
>
> RewriteCond %{QUERY_STRING} ^(.*&)?SCID=8(&.*)?$ RewriteRule 
> ^/(product|specs|avail-options|avail-category)\.php$
> /Product.action?select=Model+4+\%26+4C [R=301,L,NE]
>
> I am escaping the percent sign with a backslash, and I have tried 
> using the NE flag. However, Tomcat always is treating the percent 
> symbol as a back reference to the above RewriteCond. If I don't 
> have a second capture group, then I get a 500 error from a 
> NullPointerException.
 The current tomcat code does not allow escaping of percent or dollar sign.

 The parser just looks for percent (or dollar) and applies it either 
 as a
>>> backreference (when it is followed by a digit), or a map.
 I have not found any indication, that escaping is possible with httpd.
 Could you provide a link to the doc, that states it is possible?
>>> In Apache mod_rewrite it is possible per this documentation:
>>> https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#quoting
>>
>> Ok, I added an item for that since the mod_rewrite behavior should be
>> implemented:
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=58988
>The fix will be included in 9.0.0.M4 and 8.0.33. The syntax will be the same 
>as with httpd 2.2 using a backslash to quota a percent sign.
>
>@Joe, could you test the current trunk for 8 or 9?

Yes, I will test it out as soon as I get the chance.

Thanks again,
Joe

>Regards,
>  Felix
>> Rémy
>>
>>>
 If you are willing to build tomcat yourself, you could try the 
 attached
>>> patch, which will allow escaping of percent signs by specifying them as %%.
 Your example would thus look like
 "/Product.action?select=Model+4+%%26+4C".

 Regards,
   Felix
>>> I will look into applying the patch as I need to be able to redirect 
>>> to URLs that contain %26 in the query string.
>>> Much thanks,
>>> Joe
>>>
> I was working with the documentation on this page:
>
> http://tomcat.apache.org/tomcat-8.0-doc/rewrite.html
>
> The desired output URL would be:
>
> http://www.domain.com/Product.html?select=Model+4+%26+4C
>
> In the example given for the NE flag on the page reference above, 
> the percent sign is escaped by a backslash to prevent it from being 
> treated as a back-reference. This is not working for me. Instead I
> get:
>
> http://www.domain.com/Product.action?select=Model+4+\null6+4C
>
> Where the "null" is due to an empty second back-reference.  I 
> believe this is a bug in that it is not escaping the percent sign 
> (making it impossible to create the %26 in the redirect URL). Or am 
> I misunderstanding something here?
>
> As a side question, shouldn't an empty back-reference be blank 
> instead of adding 'null' to the URL?
>
> Joseph B Aldrich
>
>
> ---
> -- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [PossibleSpam] Re: Tomcat Rewrite Valve

2016-02-11 Thread Felix Schumacher


Am 10.02.2016 um 15:23 schrieb Rémy Maucherat:

2016-02-10 15:06 GMT+01:00 Joe Aldrich :


Am 29.01.2016 15:34, schrieb Joe Aldrich:

Hello,

I am using Tomcat 8.0.28 on Windows 10 and am having a problem with
the Rewrite Value. I must include the escaped form of an ampersand
'%26' in the output URL.

My rewrite.config has the following:

RewriteCond %{QUERY_STRING} ^(.*&)?SCID=8(&.*)?$ RewriteRule
^/(product|specs|avail-options|avail-category)\.php$
/Product.action?select=Model+4+\%26+4C [R=301,L,NE]

I am escaping the percent sign with a backslash, and I have tried
using the NE flag. However, Tomcat always is treating the percent
symbol as a back reference to the above RewriteCond. If I don't have a
second capture group, then I get a 500 error from a
NullPointerException.

The current tomcat code does not allow escaping of percent or dollar sign.

The parser just looks for percent (or dollar) and applies it either as a

backreference (when it is followed by a digit), or a map.

I have not found any indication, that escaping is possible with httpd.
Could you provide a link to the doc, that states it is possible?

In Apache mod_rewrite it is possible per this documentation:
https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#quoting


Ok, I added an item for that since the mod_rewrite behavior should be
implemented:
https://bz.apache.org/bugzilla/show_bug.cgi?id=58988
The fix will be included in 9.0.0.M4 and 8.0.33. The syntax will be the 
same as with httpd 2.2 using a backslash to quota a percent sign.


@Joe, could you test the current trunk for 8 or 9?

Regards,
 Felix

Rémy




If you are willing to build tomcat yourself, you could try the attached

patch, which will allow escaping of percent signs by specifying them as %%.

Your example would thus look like
"/Product.action?select=Model+4+%%26+4C".

Regards,
  Felix

I will look into applying the patch as I need to be able to redirect to
URLs that contain %26 in the query string.
Much thanks,
Joe


I was working with the documentation on this page:

http://tomcat.apache.org/tomcat-8.0-doc/rewrite.html

The desired output URL would be:

http://www.domain.com/Product.html?select=Model+4+%26+4C

In the example given for the NE flag on the page reference above, the
percent sign is escaped by a backslash to prevent it from being
treated as a back-reference. This is not working for me. Instead I
get:

http://www.domain.com/Product.action?select=Model+4+\null6+4C

Where the "null" is due to an empty second back-reference.  I believe
this is a bug in that it is not escaping the percent sign (making it
impossible to create the %26 in the redirect URL). Or am I
misunderstanding something here?

As a side question, shouldn't an empty back-reference be blank instead
of adding 'null' to the URL?

Joseph B Aldrich


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: [PossibleSpam] Re: Tomcat Rewrite Valve

2016-02-10 Thread Joe Aldrich


>Am 29.01.2016 15:34, schrieb Joe Aldrich:
>> Hello,
>> 
>> I am using Tomcat 8.0.28 on Windows 10 and am having a problem with 
>> the Rewrite Value. I must include the escaped form of an ampersand 
>> '%26' in the output URL.
>> 
>> My rewrite.config has the following:
>> 
>> RewriteCond %{QUERY_STRING} ^(.*&)?SCID=8(&.*)?$ RewriteRule 
>> ^/(product|specs|avail-options|avail-category)\.php$
>> /Product.action?select=Model+4+\%26+4C [R=301,L,NE]
>> 
>> I am escaping the percent sign with a backslash, and I have tried 
>> using the NE flag. However, Tomcat always is treating the percent 
>> symbol as a back reference to the above RewriteCond. If I don't have a 
>> second capture group, then I get a 500 error from a 
>> NullPointerException.

>The current tomcat code does not allow escaping of percent or dollar sign.
>
>The parser just looks for percent (or dollar) and applies it either as a 
>backreference (when it is followed by a digit), or a map.
>
>I have not found any indication, that escaping is possible with httpd. 
>Could you provide a link to the doc, that states it is possible?

In Apache mod_rewrite it is possible per this documentation:
https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#quoting

>If you are willing to build tomcat yourself, you could try the attached patch, 
>which will allow escaping of percent signs by specifying them as %%.
>
>Your example would thus look like
>"/Product.action?select=Model+4+%%26+4C".
>
>Regards,
>  Felix

I will look into applying the patch as I need to be able to redirect to URLs 
that contain %26 in the query string. 
Much thanks,
Joe

>> 
>> I was working with the documentation on this page:
>> 
>> http://tomcat.apache.org/tomcat-8.0-doc/rewrite.html
>> 
>> The desired output URL would be:
>> 
>> http://www.domain.com/Product.html?select=Model+4+%26+4C
>> 
>> In the example given for the NE flag on the page reference above, the 
>> percent sign is escaped by a backslash to prevent it from being 
>> treated as a back-reference. This is not working for me. Instead I
>> get:
>> 
>> http://www.domain.com/Product.action?select=Model+4+\null6+4C
>> 
>> Where the "null" is due to an empty second back-reference.  I believe 
>> this is a bug in that it is not escaping the percent sign (making it 
>> impossible to create the %26 in the redirect URL). Or am I 
>> misunderstanding something here?
>> 
>> As a side question, shouldn't an empty back-reference be blank instead 
>> of adding 'null' to the URL?
>> 
>> Joseph B Aldrich
>> 
>> 
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [PossibleSpam] Re: Tomcat Rewrite Valve

2016-02-10 Thread Rémy Maucherat

2016-02-10 15:06 GMT+01:00 Joe Aldrich :

>
> >Am 29.01.2016 15:34, schrieb Joe Aldrich:
> >> Hello,
> >>
> >> I am using Tomcat 8.0.28 on Windows 10 and am having a problem with
> >> the Rewrite Value. I must include the escaped form of an ampersand
> >> '%26' in the output URL.
> >>
> >> My rewrite.config has the following:
> >>
> >> RewriteCond %{QUERY_STRING} ^(.*&)?SCID=8(&.*)?$ RewriteRule
> >> ^/(product|specs|avail-options|avail-category)\.php$
> >> /Product.action?select=Model+4+\%26+4C [R=301,L,NE]
> >>
> >> I am escaping the percent sign with a backslash, and I have tried
> >> using the NE flag. However, Tomcat always is treating the percent
> >> symbol as a back reference to the above RewriteCond. If I don't have a
> >> second capture group, then I get a 500 error from a
> >> NullPointerException.
>
> >The current tomcat code does not allow escaping of percent or dollar sign.
> >
> >The parser just looks for percent (or dollar) and applies it either as a
> backreference (when it is followed by a digit), or a map.
> >
> >I have not found any indication, that escaping is possible with httpd.
> >Could you provide a link to the doc, that states it is possible?
>
> In Apache mod_rewrite it is possible per this documentation:
> https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#quoting


Ok, I added an item for that since the mod_rewrite behavior should be
implemented:
https://bz.apache.org/bugzilla/show_bug.cgi?id=58988

Rémy

>
>
> >If you are willing to build tomcat yourself, you could try the attached
> patch, which will allow escaping of percent signs by specifying them as %%.
> >
> >Your example would thus look like
> >"/Product.action?select=Model+4+%%26+4C".
> >
> >Regards,
> >  Felix
>
> I will look into applying the patch as I need to be able to redirect to
> URLs that contain %26 in the query string.
> Much thanks,
> Joe
>
> >>
> >> I was working with the documentation on this page:
> >>
> >> http://tomcat.apache.org/tomcat-8.0-doc/rewrite.html
> >>
> >> The desired output URL would be:
> >>
> >> http://www.domain.com/Product.html?select=Model+4+%26+4C
> >>
> >> In the example given for the NE flag on the page reference above, the
> >> percent sign is escaped by a backslash to prevent it from being
> >> treated as a back-reference. This is not working for me. Instead I
> >> get:
> >>
> >> http://www.domain.com/Product.action?select=Model+4+\null6+4C
> >>
> >> Where the "null" is due to an empty second back-reference.  I believe
> >> this is a bug in that it is not escaping the percent sign (making it
> >> impossible to create the %26 in the redirect URL). Or am I
> >> misunderstanding something here?
> >>
> >> As a side question, shouldn't an empty back-reference be blank instead
> >> of adding 'null' to the URL?
> >>
> >> Joseph B Aldrich
> >>
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
>

Re: Tomcat Rewrite Valve

2016-02-10 Thread Felix Schumacher


Am 29.01.2016 15:34, schrieb Joe Aldrich:

Hello,

I am using Tomcat 8.0.28 on Windows 10 and am having a problem with
the Rewrite Value. I must include the escaped form of an ampersand
'%26' in the output URL.

My rewrite.config has the following:

RewriteCond %{QUERY_STRING} ^(.*&)?SCID=8(&.*)?$
RewriteRule ^/(product|specs|avail-options|avail-category)\.php$
/Product.action?select=Model+4+\%26+4C [R=301,L,NE]

I am escaping the percent sign with a backslash, and I have tried
using the NE flag. However, Tomcat always is treating the percent
symbol as a back reference to the above RewriteCond. If I don't have a
second capture group, then I get a 500 error from a
NullPointerException.


The current tomcat code does not allow escaping of percent or dollar 
sign.


The parser just looks for percent (or dollar) and applies it either as a 
backreference (when it is followed by a digit), or a map.


I have not found any indication, that escaping is possible with httpd. 
Could you provide a link to the doc, that states it is possible?


If you are willing to build tomcat yourself, you could try the attached 
patch, which will allow escaping of percent signs by specifying them as 
%%.


Your example would thus look like 
"/Product.action?select=Model+4+%%26+4C".


Regards,
 Felix



I was working with the documentation on this page:

http://tomcat.apache.org/tomcat-8.0-doc/rewrite.html

The desired output URL would be:

http://www.domain.com/Product.html?select=Model+4+%26+4C

In the example given for the NE flag on the page reference above, the
percent sign is escaped by a backslash to prevent it from being
treated as a back-reference. This is not working for me. Instead I
get:

http://www.domain.com/Product.action?select=Model+4+\null6+4C

Where the "null" is due to an empty second back-reference.  I believe
this is a bug in that it is not escaping the percent sign (making it
impossible to create the %26 in the redirect URL). Or am I
misunderstanding something here?

As a side question, shouldn't an empty back-reference be blank instead
of adding 'null' to the URL?

Joseph B Aldrich
Junior Java Developer
P: 800.981.1540 | F: 715.254.0996
4848 Industrial Park Rd. Stevens Point. 54481


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
diff --git a/java/org/apache/catalina/valves/rewrite/Substitution.java 
b/java/org/apache/catalina/valves/rewrite/Substitution.java
index 0f84792..fc23b92 100644
--- a/java/org/apache/catalina/valves/rewrite/Substitution.java
+++ b/java/org/apache/catalina/valves/rewrite/Substitution.java
@@ -186,7 +186,7 @@ public class Substitution {
 newElement.n = Character.digit(sub.charAt(percentPos + 1), 
10);
 pos = percentPos + 2;
 elements.add(newElement);
-} else {
+} else if (sub.charAt(percentPos + 1) == '{'){
 // %: server variable as %{variable}
 SubstitutionElement newElement = null;
 int open = sub.indexOf('{', percentPos);
@@ -218,6 +218,13 @@ public class Substitution {
 }
 pos = close + 1;
 elements.add(newElement);
+} else if (sub.charAt(percentPos + 1) == '%') {
+StaticElement percentSign = new StaticElement();
+percentSign.value = "%";
+elements.add(percentSign);
+pos = percentPos + 2;
+} else {
+throw new IllegalArgumentException(sub + ": Missing digit, 
curly brace or percent sign.");
 }
 }
 }
diff --git a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java 
b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
index 47f9440..070519c 100644
--- a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
+++ b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
@@ -33,6 +33,11 @@ public class TestRewriteValve extends TomcatBaseTest {
 }
 
 @Test
+public void testPercentSign() throws Exception {
+doTestRewrite("RewriteRule ^(.*) /a/%%5A", "/", "/a/%255A");
+}
+
+@Test
 public void testNoopRewrite() throws Exception {
 doTestRewrite("RewriteRule ^(.*) $1", "/a/%255A", "/a/%255A");
 }

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: FW: [PossibleSpam] Re: Tomcat Rewrite Valve

2016-02-09 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Joe,

On 2/9/16 9:18 AM, Joe Aldrich wrote:
> This is my first attempt at interaction with the Tomcat Users List.
>  I haven't heard anything back on my response to the initial
> followup by Chris, and I was just checking if there was anything
> else needed from me on this.

I was waiting to see if someone else with more familiarity with the
rewrite valve would speak up. I don't have time to dive into that code
right now, unfortunately.

- -chris

> -Original Message- From: Joe Aldrich Sent: Friday, January
> 29, 2016 5:07 PM To: Tomcat Users List Subject: RE: [PossibleSpam]
> Re: Tomcat Rewrite Valve
> 
> Hello,
> 
> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
> 
> Joe,
> 
>> On 1/29/16 9:34 AM, Joe Aldrich wrote:
>>> I am using Tomcat 8.0.28 on Windows 10 and am having a problem
>>> with the Rewrite Value. I must include the escaped form of an
>>> ampersand '%26' in the output URL.
>>> 
>>> My rewrite.config has the following:
>>> 
>>> RewriteCond %{QUERY_STRING} ^(.*&)?SCID=8(&.*)?$ RewriteRule 
>>> ^/(product|specs|avail-options|avail-category)\.php$ 
>>> /Product.action?select=Model+4+\%26+4C [R=301,L,NE]
>>> 
>>> I am escaping the percent sign with a backslash, and I have
>>> tried using the NE flag. However, Tomcat always is treating the
>>> percent symbol as a back reference to the above RewriteCond. If
>>> I don't have a second capture group, then I get a 500 error
>>> from a NullPointerException.
> 
>> Can you please post the stack trace from that?
> 
> Here is what I get if I don’t specify a second capture group:
> 
> HTTP Status 500 - No group 2
> 
> type Exception report
> 
> message No group 2
> 
> description The server encountered an internal error that prevented
> it from fulfilling this request.
> 
> exception
> 
> java.lang.IndexOutOfBoundsException: No group 2 
> java.util.regex.Matcher.group(Unknown Source) 
> org.apache.catalina.valves.rewrite.Substitution$RewriteCondBackReferen
ceElement.evaluate(Substitution.java:51)
>
> 
org.apache.catalina.valves.rewrite.Substitution.evaluate(Substitution.ja
va:238)
> org.apache.catalina.valves.rewrite.RewriteRule.evaluate(RewriteRule.ja
va:133)
>
> 
org.apache.catalina.valves.rewrite.RewriteValve.invoke(RewriteValve.java
:292)
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.ja
va:79)
>
> 
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessL
ogValve.java:616)
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java
:518)
>
> 
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11P
rocessor.java:1091)
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(A
bstractProtocol.java:673)
>
> 
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint
.java:1500)
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint
.java:1456)
>
> 
java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
> java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) 
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThr
ead.java:61)
>
> 
java.lang.Thread.run(Unknown Source)
> note The full stack trace of the root cause is available in the
> Apache Tomcat/8.0.28 logs.
> 
> Apache Tomcat/8.0.28
> 
>>> I was working with the documentation on this page:
>>> 
>>> http://tomcat.apache.org/tomcat-8.0-doc/rewrite.html
>>> 
>>> The desired output URL would be:
>>> 
>>> http://www.domain.com/Product.html?select=Model+4+%26+4C
> 
>> Presumably, if you don't escape it at all, you get:
>> 
>> http://www.domain.com/Product.html?select=Model+4+%2526+4C
>> 
>> ?
> 
> If I do not use the backslash to escape the percent sign, then
> (with or without the [NE] flag) I get a back-reference resulting in
> a 500 error if there isn't a second capture group. If there is a
> second capture group I get:
> 
> http://www.domain.com/Product.html?select=Model+4+null26+4C
> 
> (where again, null represents there was nothing specified after the
> SCID=8 in the query string).
> 
> If I omit the [NE] flag and keep the backslash to escape the
> percent sign, the escaping of the percent sign fails and I get
> similar results except for the presence of the backslash in the
> output URL as:
> 
> http://www.domain.com/Product.html?select=Model+4+\null26+4C
> 
> 
>>> In the example given for the NE flag on the page reference
>>> above, the percent sign is escaped by a backslash to prevent it
>>> f

FW: [PossibleSpam] Re: Tomcat Rewrite Valve

2016-02-09 Thread Joe Aldrich

Hello,

This is my first attempt at interaction with the Tomcat Users List. I haven't 
heard anything back on my response to the initial followup by Chris, and I was 
just checking if there was anything else needed from me on this.

Thanks,
Joe

-Original Message-
From: Joe Aldrich 
Sent: Friday, January 29, 2016 5:07 PM
To: Tomcat Users List
Subject: RE: [PossibleSpam] Re: Tomcat Rewrite Valve

Hello,

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Joe,

>On 1/29/16 9:34 AM, Joe Aldrich wrote:
>> I am using Tomcat 8.0.28 on Windows 10 and am having a problem with 
>> the Rewrite Value. I must include the escaped form of an ampersand 
>> '%26' in the output URL.
>> 
>> My rewrite.config has the following:
>> 
>> RewriteCond %{QUERY_STRING} ^(.*&)?SCID=8(&.*)?$ RewriteRule 
>> ^/(product|specs|avail-options|avail-category)\.php$
>> /Product.action?select=Model+4+\%26+4C [R=301,L,NE]
>> 
>> I am escaping the percent sign with a backslash, and I have tried 
>> using the NE flag. However, Tomcat always is treating the percent 
>> symbol as a back reference to the above RewriteCond. If I don't have 
>> a second capture group, then I get a 500 error from a 
>> NullPointerException.

>Can you please post the stack trace from that?

Here is what I get if I don’t specify a second capture group:

HTTP Status 500 - No group 2

type Exception report

message No group 2

description The server encountered an internal error that prevented it from 
fulfilling this request.

exception

java.lang.IndexOutOfBoundsException: No group 2
java.util.regex.Matcher.group(Unknown Source)

org.apache.catalina.valves.rewrite.Substitution$RewriteCondBackReferenceElement.evaluate(Substitution.java:51)

org.apache.catalina.valves.rewrite.Substitution.evaluate(Substitution.java:238)

org.apache.catalina.valves.rewrite.RewriteRule.evaluate(RewriteRule.java:133)

org.apache.catalina.valves.rewrite.RewriteValve.invoke(RewriteValve.java:292)

org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)

org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)

org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)

org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)

org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:673)

org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)

org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Unknown Source)
note The full stack trace of the root cause is available in the Apache 
Tomcat/8.0.28 logs.

Apache Tomcat/8.0.28

>> I was working with the documentation on this page:
>> 
>> http://tomcat.apache.org/tomcat-8.0-doc/rewrite.html
>> 
>> The desired output URL would be:
>> 
>> http://www.domain.com/Product.html?select=Model+4+%26+4C

>Presumably, if you don't escape it at all, you get:
>
>http://www.domain.com/Product.html?select=Model+4+%2526+4C
>
>?

If I do not use the backslash to escape the percent sign, then (with or without 
the [NE] flag) I get a back-reference resulting in a 500 error if there isn't a 
second capture group. If there is a second capture group I get:

http://www.domain.com/Product.html?select=Model+4+null26+4C

(where again, null represents there was nothing specified after the SCID=8 in 
the query string).

If I omit the [NE] flag and keep the backslash to escape the percent sign, the 
escaping of the percent sign fails and I get similar results except for the 
presence of the backslash in the output URL as:

http://www.domain.com/Product.html?select=Model+4+\null26+4C


>> In the example given for the NE flag on the page reference above, the 
>> percent sign is escaped by a backslash to prevent it from being 
>> treated as a back-reference. This is not working for me. Instead I
>> get:
>> 
>> http://www.domain.com/Product.action?select=Model+4+\null6+4C
>> 
>> Where the "null" is due to an empty second back-reference.  I believe 
>> this is a bug in that it is not escaping the percent sign (making it 
>> impossible to create the %26 in the redirect URL). Or am I 
>> misunderstanding something here?
>> 
>> As a side question, shouldn't an empty back-reference be blank 
>> instead of adding 'null' to the URL?

>I agree that the "null"

Tomcat Rewrite Valve

2016-01-29 Thread Joe Aldrich

Hello,

I am using Tomcat 8.0.28 on Windows 10 and am having a problem with the Rewrite 
Value. I must include the escaped form of an ampersand '%26' in the output URL.

My rewrite.config has the following:

RewriteCond %{QUERY_STRING} ^(.*&)?SCID=8(&.*)?$
RewriteRule ^/(product|specs|avail-options|avail-category)\.php$ 
/Product.action?select=Model+4+\%26+4C [R=301,L,NE]

I am escaping the percent sign with a backslash, and I have tried using the NE 
flag. However, Tomcat always is treating the percent symbol as a back reference 
to the above RewriteCond. If I don't have a second capture group, then I get a 
500 error from a NullPointerException.

I was working with the documentation on this page:

http://tomcat.apache.org/tomcat-8.0-doc/rewrite.html

The desired output URL would be:

http://www.domain.com/Product.html?select=Model+4+%26+4C

In the example given for the NE flag on the page reference above, the percent 
sign is escaped by a backslash to prevent it from being treated as a 
back-reference. This is not working for me. Instead I get:

http://www.domain.com/Product.action?select=Model+4+\null6+4C

Where the "null" is due to an empty second back-reference.  I believe this is a 
bug in that it is not escaping the percent sign (making it impossible to create 
the %26 in the redirect URL). Or am I misunderstanding something here?

As a side question, shouldn't an empty back-reference be blank instead of 
adding 'null' to the URL?

Joseph B Aldrich
Junior Java Developer
P: 800.981.1540 | F: 715.254.0996
4848 Industrial Park Rd. Stevens Point. 54481


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: [PossibleSpam] Re: Tomcat Rewrite Valve

2016-01-29 Thread Joe Aldrich

Hello,

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Joe,

>On 1/29/16 9:34 AM, Joe Aldrich wrote:
>> I am using Tomcat 8.0.28 on Windows 10 and am having a problem with 
>> the Rewrite Value. I must include the escaped form of an ampersand 
>> '%26' in the output URL.
>> 
>> My rewrite.config has the following:
>> 
>> RewriteCond %{QUERY_STRING} ^(.*&)?SCID=8(&.*)?$ RewriteRule 
>> ^/(product|specs|avail-options|avail-category)\.php$
>> /Product.action?select=Model+4+\%26+4C [R=301,L,NE]
>> 
>> I am escaping the percent sign with a backslash, and I have tried 
>> using the NE flag. However, Tomcat always is treating the percent 
>> symbol as a back reference to the above RewriteCond. If I don't have a 
>> second capture group, then I get a 500 error from a 
>> NullPointerException.

>Can you please post the stack trace from that?

Here is what I get if I don’t specify a second capture group:

HTTP Status 500 - No group 2

type Exception report

message No group 2

description The server encountered an internal error that prevented it from 
fulfilling this request.

exception

java.lang.IndexOutOfBoundsException: No group 2
java.util.regex.Matcher.group(Unknown Source)

org.apache.catalina.valves.rewrite.Substitution$RewriteCondBackReferenceElement.evaluate(Substitution.java:51)

org.apache.catalina.valves.rewrite.Substitution.evaluate(Substitution.java:238)

org.apache.catalina.valves.rewrite.RewriteRule.evaluate(RewriteRule.java:133)

org.apache.catalina.valves.rewrite.RewriteValve.invoke(RewriteValve.java:292)

org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)

org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)

org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)

org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)

org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:673)

org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)

org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Unknown Source)
note The full stack trace of the root cause is available in the Apache 
Tomcat/8.0.28 logs.

Apache Tomcat/8.0.28

>> I was working with the documentation on this page:
>> 
>> http://tomcat.apache.org/tomcat-8.0-doc/rewrite.html
>> 
>> The desired output URL would be:
>> 
>> http://www.domain.com/Product.html?select=Model+4+%26+4C

>Presumably, if you don't escape it at all, you get:
>
>http://www.domain.com/Product.html?select=Model+4+%2526+4C
>
>?

If I do not use the backslash to escape the percent sign, then (with or without 
the [NE] flag) I get a back-reference resulting in a 500 error if there isn't a 
second capture group. If there is a second capture group I get:

http://www.domain.com/Product.html?select=Model+4+null26+4C

(where again, null represents there was nothing specified after the SCID=8 in 
the query string).

If I omit the [NE] flag and keep the backslash to escape the percent sign, the 
escaping of the percent sign fails and I get similar results except for the 
presence of the backslash in the output URL as:

http://www.domain.com/Product.html?select=Model+4+\null26+4C


>> In the example given for the NE flag on the page reference above, the 
>> percent sign is escaped by a backslash to prevent it from being 
>> treated as a back-reference. This is not working for me. Instead I
>> get:
>> 
>> http://www.domain.com/Product.action?select=Model+4+\null6+4C
>> 
>> Where the "null" is due to an empty second back-reference.  I believe 
>> this is a bug in that it is not escaping the percent sign (making it 
>> impossible to create the %26 in the redirect URL). Or am I 
>> misunderstanding something here?
>> 
>> As a side question, shouldn't an empty back-reference be blank instead 
>> of adding 'null' to the URL?

>I agree that the "null" is incorrect. That is almost certainly a bug.
>
>[NE] should be preventing escaping of the resulting URL, but that might break 
>if you had user-specified input being re-written, but then not escaped.
>
>I'm not entirely sure if backslash-escaping is expected to work for 
>back-references. It's certainly a reasonable expectation, especially if that's 
>the way that mod_rewrite >works (and I don't know if that's the case). The 
>"escaping" section is only mentioned in the "regular expressions" section, and 
>not in the "backreferences" section, which is >why I think there may be some 
>room for alternative interpretations, here.
>
>I'm curious if \$25 works (as opposed to

Re: Tomcat Rewrite Valve

2016-01-29 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Joe,

On 1/29/16 9:34 AM, Joe Aldrich wrote:
> I am using Tomcat 8.0.28 on Windows 10 and am having a problem with
> the Rewrite Value. I must include the escaped form of an ampersand
> '%26' in the output URL.
> 
> My rewrite.config has the following:
> 
> RewriteCond %{QUERY_STRING} ^(.*&)?SCID=8(&.*)?$ RewriteRule
> ^/(product|specs|avail-options|avail-category)\.php$
> /Product.action?select=Model+4+\%26+4C [R=301,L,NE]
> 
> I am escaping the percent sign with a backslash, and I have tried
> using the NE flag. However, Tomcat always is treating the percent
> symbol as a back reference to the above RewriteCond. If I don't
> have a second capture group, then I get a 500 error from a
> NullPointerException.

Can you please post the stack trace from that?

> I was working with the documentation on this page:
> 
> http://tomcat.apache.org/tomcat-8.0-doc/rewrite.html
> 
> The desired output URL would be:
> 
> http://www.domain.com/Product.html?select=Model+4+%26+4C

Presumably, if you don't escape it at all, you get:

http://www.domain.com/Product.html?select=Model+4+%2526+4C

?

> In the example given for the NE flag on the page reference above,
> the percent sign is escaped by a backslash to prevent it from being
> treated as a back-reference. This is not working for me. Instead I
> get:
> 
> http://www.domain.com/Product.action?select=Model+4+\null6+4C
> 
> Where the "null" is due to an empty second back-reference.  I
> believe this is a bug in that it is not escaping the percent sign
> (making it impossible to create the %26 in the redirect URL). Or am
> I misunderstanding something here?
> 
> As a side question, shouldn't an empty back-reference be blank
> instead of adding 'null' to the URL?

I agree that the "null" is incorrect. That is almost certainly a bug.

[NE] should be preventing escaping of the resulting URL, but that
might break if you had user-specified input being re-written, but then
not escaped.

I'm not entirely sure if backslash-escaping is expected to work for
back-references. It's certainly a reasonable expectation, especially
if that's the way that mod_rewrite works (and I don't know if that's
the case). The "escaping" section is only mentioned in the "regular
expressions" section, and not in the "backreferences" section, which
is why I think there may be some room for alternative interpretations,
here.

I'm curious if \$25 works (as opposed to \%25), and this is merely an
oversight for one type of backreference. Can you confirm whether \$25
works as you expect (i.e. resulting in a URL containing a literal $25)?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlary+YACgkQ9CaO5/Lv0PAjOACgrxb5md+QtRwzENQCOWtonQft
K70An3MWvKlh2nFgEL/mhjZK+RGIHB2y
=0g9b
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: [PossibleSpam] Re: Tomcat Rewrite Valve

RE: [PossibleSpam] Re: Tomcat Rewrite Valve

Re: [PossibleSpam] Re: Tomcat Rewrite Valve

RE: [PossibleSpam] Re: Tomcat Rewrite Valve

Re: [PossibleSpam] Re: Tomcat Rewrite Valve

Re: Tomcat Rewrite Valve

Re: FW: [PossibleSpam] Re: Tomcat Rewrite Valve

FW: [PossibleSpam] Re: Tomcat Rewrite Valve

Tomcat Rewrite Valve

RE: [PossibleSpam] Re: Tomcat Rewrite Valve

Re: Tomcat Rewrite Valve

11 matches

Site Navigation

Mail list logo

Footer information