httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Evans <tevans...@googlemail.com>
Subject [users@httpd] Escaped '/' in path components of URI is parsed as a bad request
Date Fri, 29 Aug 2008 10:49:00 GMT
Hi all

I'm trying to understand the correct way of escaping path URI components
containing special characters, in particular passing the '/' character
through as part of the URI.

RFC 2396, section 3.3 says:
   path          = [ abs_path | opaque_part ]
   path_segments = segment *( "/" segment )
   segment       = *pchar *( ";" param )
   param         = *pchar
   unreserved    = alphanum | mark
   escaped       = "%" hex hex
   pchar         = unreserved | escaped |
                   ":" | "@" | "&" | "=" | "+" | "$" | ","
   The path may consist of a sequence of path segments separated by a
   single slash "/" character.  Within a path segment, the characters
   "/", ";", "=", and "?" are reserved.

Within this definition, I don't see why a path segment with an escaped
'/' is considered as an invalid URI. For example, a uri that is
'/foo/bar%2F/' is considered invalid by apache, giving a 404 response
and not considering any handlers. I have also seen suggestions that the
correct form of that URI would be '/foo/bar%252F/', but to me that seems
to be double escaped, which is not what the RFC seems to imply.

I'm seeing this on 1.3.x (legacy application), but it is clearly a
design decision as it affects all versions I've tried. I'm sure there's
a good reason, but can someone explain it to me, and how I should work
around this, so that we can create and parse correctly escaped URIs.

Thanks

Tom

Mime
View raw message