Apache, receiving a request with an encoded semicolon (%3B) is decoding it before passing the request to a proxy (backend of Spring Tomcat).
Relevant apache Virtual host lines are:
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto https
ProxyPass / http://127.0.0.1:8081/
ProxyPassReverse / http://127.0.0.1:8081/
So for example when a request for URL like
http://testsite.com/page/%27+many+times%3B+the+valiant/author
Would be proxy forwarded as
http://testsite.com/page/%27+many+times/author
Is there something I can do to prevent apache from decoding that URL before forwarding it to proxy?
Best Answer
mod_proxy
canonicalise URLs passed to the backend. If you want suppress this behavior usenocanon
keyword and this passes the URL path "raw" to the backend.Eg: