> On 10 Mar 2023, at 16:32, Eric Covener <cove...@gmail.com> wrote: > > On Fri, Mar 10, 2023 at 8:56 AM Thomas Åkesson > <thomas.akes...@simonsoft.se> wrote: >> >> Hi, >> >> We are experiencing the effect that a RewriteRule resulting in R (redirect) >> are blocked (403) with AH10410 despite being encoded before 2.4.56 (the >> resulting Location header was ok). Is this change intentional? >> >> Example: >> RewriteRule ^/here/([^/]+)(/.*)$ >> http://example.com:8080/elsewhere/?base=$1&target=$2 [R,QSA,L] >> >> We are evaluating this workaround: >> [R,B,BNP,NE,QSA,L] >> >> This results in encoded slashes which is not necessary. Any ideas how to >> achieve the previous result?
Also found that many additional characters are encoded that were not encoded before 2.4.56 (parentheses, period, ...). The primary concern is loss of URL readability. > You can limit the characters B will escape. I assume spaces in the > URL are the original problem? Yes, they are the problem that we have seen. I am not sure if the "control characters" mentioned would ever appear in normal use. > Try e.g. [R,B= ?,...] > > The question mark is to avoid the issue of not being able to have " " > as the final character in this syntax. Thanks for the suggestion. I am unable to make 2.4.52 (Ubuntu) accept space for the B-flag. I have tried first, middle, last, only flag but always getting "RewriteRule: bad flag delimiters". I am also having concerns whether this would work (unable to test at this time). - The spaces would likely be double-encoded unless adding NE - Adding NE would suppress encoding of all other characters that should be encoded in the query string --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
