During the use of the Apache address rewrite mod_rewrite, it was found that when%2f (/) or%5c (\) appeared in the URL and path_info, it would be considered an illegal request and Apache would return directly to the "404 (Not Found)" error.
In other words, Apache rejects the request directly before calling the Mod_proxy or mod_rewrite module, giving a 404 error.
This is done primarily to prevent CGI security vulnerabilities, especially if the script uses path_info but does not do a security filtering operation, it is easy to inject vulnerabilities.
Suppose the URL is secure, that is, we want to use this URL to include this encoding conversion string, how to do? How to solve this problem?
There are 2 types of solutions:
Scenario One: Open Apache's "allowencodedslashes" command
In the Apache configuration file (httpd.conf), locate the <VirtualHost> node and configure the following code (note that adding this rule to the . htaccess file does not work.) )
<virtualhost *:80>allowencodedslashes on</virtualhost>
Open this command to tell the Apache server to allow the URL address to contain the encoded string, as
Http://www.example.com/books/the_lamp%2C_linux%2Fapache%2Fmysql%2Fphp_solution.html
This will solve the problem without modifying the PHP code. However, not all users are allowed to modify the Apache configuration file, or to say, do not modify the Apache configuration file, how to solve this problem?
Scenario two: two times UrlEncode ()
$url. = UrlEncode (UrlEncode ($title)). '. html '
Become
Http://www.example.com/books/the_lamp%252C_linux%252Fapache%252Fmysql%252Fphp_solution.html
See also: http://httpd.apache.org/docs/2.2/mod/core.html#allowencodedslashes
Resolves an issue where the URL contains "%2f" that causes the Apache address rewrite mod_rewrite to fail