Apache mod_rewrite encounters a 404 error in URL rewriting failure caused by special symbols such as % 2F or % 5C (forward and backward slash ).
. Htaccess File
<IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ index.php/$1 [QSA,PT,L]</IfModule>
Http: // localhost/Application/Home/Index/index/url/http % 3A % 2F % 2Fwww.domain.com % 2 Fpage % 2F
When you access the above link, there is always 404, And the rewrite is invalid.
Http: // localhost/Application/Home/Index/index/url/http://www.domain.com/page/
Xampp that I have been using in the local environment, nginx on the server is no problem, but apache is quite speechless, always 404, changed to the original, but the page can be opened normally without urlencode
After searching online for half a day, I finally found the cause:
If % 2f (/) or % 5c (\) appears in the URL and PATH_INFO, it is considered invalid. Apache will directly return "404 (Not Found) "error.
That is to say, Apache directly rejects the request before calling the mod_proxy or mod_rewrite module, and returns the 404 error.
To prevent CGI security vulnerabilities, especially when PATH_INFO is used in the script but no security filtering operation is performed, the vulnerability is easily injected.
There are two solutions. The first one is relatively simple, but requires the server operation permission:
1. Modify the virtual directory configuration of the site
<VirtualHost *:80> AllowEncodedSlashes On DocumentRoot "D:/htdocs/localhost" ServerName localhost</VirtualHost>
Add AllowEncodedSlashes On in configuration and then restart the service.
Ii. Multiple urlencodes
You can link the URL multiple times, usually twice or three times.
I did a test and found that it had to be successful three times.
Http: // localhost/Application/Home/Index/index/url/http % 253a % 25252F % 25252Fwww.domain.com % 25252 Fpage % 25252F
It seems that this method is not practical, and the change is too large.