httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nicholas DiPiazza <nicholas.dipia...@openlogic.com>
Subject [users@httpd] When %26 and %20 are in the same URL, mod_proxy with SSL unescapes encoded chars when it shouldn't
Date Wed, 18 Jul 2012 06:21:37 GMT
Dear apache group: I have a strange issue.

Rhel 5
Apache 2.2.21 (Unix)
httpd.conf http://pastebin.com/EpkZtUCM
httpd-ssl.conf http://pastebin.com/vUk0yV4F 

I am proxying to a backend tomcat server, the SSL terminates at apache.

When downloading a file from Tomcat through the SSL proxy, if the URL has any combination
of %26 and %20, the URLs are escaped incorrectly and result in 404 errors.

Example:

Tomcat file: webapps/ndd/document-1.1.2222/a&b Test.txt
Apache URL: https://uat.ndipiazza.com/ndd/document-1.1.2222/a%26b%20Test.txt

Results in 404 error: https://uat.ndipiazza.com/ndd/document-1.1.2222/a&b Test.txt
(Ampersand was unescaped so the path is all wrong now by the time it gets to Tomcat)

If you remove HTTPS, it works.
If you hit the file on Tomcat directly, it works.
If you remove the %20 from the filename, it works.
Cannot replicate the behavior on any other server but this one!

Very strange.

Anyone have any idea what this might be? How I might work around this or fix it? 

-Nicholas 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message