When a URI passes through mod_proxy, either via ProxyPass or a proxying RewriteRule, mod_proxy appears to be decoding percent escaped characters before passing the URI on to the destination server. (So, for example, if the original URI contains a "%2B", the destination server will see a "+".) This is contrary to RFC 2616 (HTTP/1.1), which says 'A transparent proxy MUST NOT rewrite the "abs_path" part of the received Request-URI when forwarding it to the next inbound server, except as noted above to replace a null abs_path with "/".' (section 5.1.2). In addition, it breaks a CGI I'm using. :) As further information, the decoding seems to be recursive to a degree. "%252B" is also converted into "+", but "%25252B" merely becomes "%252B".
A reverse proxy doesn't need to be transparent. It may be as well a caching proxy, that approached the backend server only if it doens't have a fresh copy of the requested object. There fore, it MAY alter the URL. However, there is a bug in this alteration: In the reverse proxy case, unescaping is done twice. In the first unesacping, the core does this for any non-proxy request. However, this is done before reverse proxy requests are identified by matching the URL with ProxyPass directives. Therefore, the second unescaping, in the function ap_proxy_canonenc in proxy_util.c, should be done only for a standard proxy, and not for a reverse proxy, and the line if (isenc && ch == '%') { (proxy_util.c:206 in httpd_2.0.45) should be replaced by if (isenc == PROXYREQ_PROXY && ch == '%') {
*** Bug 24873 has been marked as a duplicate of this bug. ***
*** Bug 18564 has been marked as a duplicate of this bug. ***
Fix now committed to HEAD (subject to review)
This bug still exists as of 2.0.53. The suggested patch in proxy_util.c from Zvi Har'El, listed below, corrects the problem for me: if (isenc == PROXYREQ_PROXY && ch == '%') { To reproduce the bug, I setup a Reverse Proxy and use the following urls for testing: http://1.2.3.4/% -Returns bad request http://1.2.3.4/%25 -Works http://1.2.3.4/proxy/% -Returns bad request http://1.2.3.4/proxy/%25 -Returns bad request After the patch, the last example works properly.
I have also the same problem with apache 2.0.54, is there any plan to fix it in the next release? thanks
Fixed for 2.0.55: http://svn.apache.org/viewcvs.cgi?rev=227435&view=rev