Apache decoding semicolon – mod_proxy

apache-2.4mod-proxymod-rewrite

Apache, receiving a request with an encoded semicolon (%3B) is decoding it before passing the request to a proxy (backend of Spring Tomcat).

Relevant apache Virtual host lines are:

ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto https
ProxyPass / http://127.0.0.1:8081/
ProxyPassReverse / http://127.0.0.1:8081/

So for example when a request for URL like

http://testsite.com/page/%27+many+times%3B+the+valiant/author

Would be proxy forwarded as

http://testsite.com/page/%27+many+times/author

Is there something I can do to prevent apache from decoding that URL before forwarding it to proxy?

Perhaps relevant issue noted on apache.org/bugzilla

Best Answer

mod_proxy canonicalise URLs passed to the backend. If you want suppress this behavior use nocanon keyword and this passes the URL path "raw" to the backend.

Eg:

ProxyPass / http://127.0.0.1:8081/ nocanon

Related Solutions

Tomcat – mod_proxy incorrect redirect behaviour

Switching from mod_proxy_ajp to mod_proxy_http seems to resolve this problem.

ProxyPass /servlet/ http://localhost:8080/
ProxyPassReverse /servlet/ http://localhost:8080/

Unfortunately this has the side effect of not passing along the ip address of the remote connection. Another alternative is to add a rewrite rule to match the url with the missing slash at the end:

RewriteCond %{REQUEST_URI} ^/servlet/[^/]+$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}/ [R=301,L]

Looking for equivalent of ProxyPassReverseMatch in Apache to fix missing trailing forward slash issue

You can just ignore the username and anything that follows when fixing up the redirect:

ProxyPassReverse /~ http://www.userdir.com/~

Since this is just a prefix substitution.

Best Answer

Related Solutions

Tomcat – mod_proxy incorrect redirect behaviour

Looking for equivalent of ProxyPassReverseMatch in Apache to fix missing trailing forward slash issue

Related Topic