Re: [users@httpd] Re: [OBORONA-SPAM] Re: [users@httpd] escaped input mod_rewrite

[Joshua Slive <js...@gmail.com>]

On Mon, 01 Nov 2004 20:12:46 +0300, Vadim N. Lyalikov
<va...@yandex.ru> wrote:
> I've installed
> Apache/1.3.33 (Win32) PHP/4.3.9 (mod)
> Same results.
> e.g. mod_rewrite_log with index%20.html pattern from last letter:
> 127.0.0.1 - - [01/Nov/2004:19:57:18 +0300] ... (3) [ per-dir .../b]
> strip per-dir prefix: .../b/index .html -> index .html
> 127.0.0.1 - - [01/Nov/2004:19:57:18 +0300] ... (3) [per-dir .../b/]
> applying pattern '^.*$' to uri 'index .html'
> 127.0.0.1 - - [01/Nov/2004:19:57:18 +0300] ... (4) RewriteCond:
> input='/b/index .html' pattern='^/b/index%20.html$' => not-matched
> (note whitespace between 'x' and '.' in 'index .html')
> Also Jeff Trawick said:
> I thought Apache 1.3 would always reject requests with slashes, whether
> or not encoded.  (Apache 2.0 has a directive called AllowEncodedSlashes
> (http://httpd.apache.org/docs-2.0/mod/core.html#allowencodedslashes),
> and without setting that Apache 2.0 will reject such a request with
> file-not-found.  Apache 1.3 will always reject such a request with
> file-not-found, so even if you get mod_rewrite to encode the slash it
> still won't be acceptable.
> Seems there is no way to have input to RewriteCond or RewriteRule, fully
> escaped with '%'.

Slashes are %2f.  You are using%20 which is space.  Apache will not
reject those.

Try using the space explictly in your RewriteCond/Rule instead of the
% stuff.  Just make sure to surround the argument in quotes so that it
won't be interpreted as two arguments.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org