Resolves an issue where the URL contains "%2f" that causes the Apache address rewrite mod_rewrite to fail

During the use of the Apache address rewrite mod_rewrite, it was found that when%2f (/) or%5c (\) appeared in the URL and path_info, it would be considered an illegal request and Apache would return directly to the "404 (Not Found)" error.

In other words, Apache rejects the request directly before calling the Mod_proxy or mod_rewrite module, giving a 404 error.

This is done primarily to prevent CGI security vulnerabilities, especially if the script uses path_info but does not do a security filtering operation, it is easy to inject vulnerabilities.

Suppose the URL is secure, that is, we want to use this URL to include this encoding conversion string, how to do? How to solve this problem?

There are 2 types of solutions:

Scenario One: Open Apache's "allowencodedslashes" command

In the Apache configuration file (httpd.conf), locate the <VirtualHost> node and configure the following code (note that adding this rule to the . htaccess file does not work.) ）

<virtualhost *:80>allowencodedslashes on</virtualhost>

Open this command to tell the Apache server to allow the URL address to contain the encoded string, as

Http://www.example.com/books/the_lamp%2C_linux%2Fapache%2Fmysql%2Fphp_solution.html

This will solve the problem without modifying the PHP code. However, not all users are allowed to modify the Apache configuration file, or to say, do not modify the Apache configuration file, how to solve this problem?

Scenario two: two times UrlEncode ()

$url. = UrlEncode (UrlEncode ($title)). '. html '

Become

Http://www.example.com/books/the_lamp%252C_linux%252Fapache%252Fmysql%252Fphp_solution.html

See also: http://httpd.apache.org/docs/2.2/mod/core.html#allowencodedslashes

Resolves an issue where the URL contains "%2f" that causes the Apache address rewrite mod_rewrite to fail