Bug 42610

Summary: mod_rewrite and mod_proxy handle ';' incorrectly
Product: Apache httpd-2 Reporter: Jay McCarthy <jay.mccarthy>
Component: mod_rewriteAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: P2    
Version: 2.5-HEAD   
Target Milestone: ---   
Hardware: Other   
OS: other   

Description Jay McCarthy 2007-06-06 16:50:02 UTC 
The rule:

RedirectMatch ^/(.*) http://host/$1 [P]

a request to

"/foo;bar"

makes a request to

"http://host/foo%3bbar"

rather than

"http://host/foo;bar"

This is an error.

RFC 2616: http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.2.2

 Characters other than those in the "reserved" and "unsafe" sets (see RFC 2396 [42]) are equivalent to 
their ""%" HEX HEX" encoding.

RFC 2396: http://www.faqs.org/rfcs/rfc2396.html
 Sec 2.2:

  reserved    = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" |
                    "$" | ","

Thus ";" is a reserverd character and NOT equivalent to its HEX encoding.
Comment 1 rahul 2007-09-20 05:02:43 UTC 
Are you sure you are using mod_rewrite? because 
RedirectMatch that is there in the bug description is mod_alias, and it does not
take [P] as a parameter
AP_INIT_TAKE23("RedirectMatch", add_redirect_regex,
                   (void *) HTTP_MOVED_TEMPORARILY, OR_FILEINFO,
                   "an optional status, then a regular expression and "
                   "destination URL"),

RewriteRule on the other hand does take the flag [P], and works perfectly well.
.....
RewriteRule ^/(.*)$  http://agneyam.india.sun.com:2000/$1 [P]
.....
(echo "GET /foo;bar HTTP/1.0\n\n" ;sleep 1000000) | telnet agneyam 8080
.....
>[
GET /foo;bar HTTP/1.1
Host: agneyam.india.sun.com:2000
Max-Forwards: 10
X-Forwarded-Server: agneyam
Connection: Keep-Alive

]
Comment 2 Nick Kew 2007-11-11 16:20:37 UTC 
If this is indeed mod_rewrite, then it appears also to be 34602.

*** This bug has been marked as a duplicate of 34602 ***
Comment 3 Rainer Jung 2018-02-25 20:01:00 UTC 
Undo spam change

*** This bug has been marked as a duplicate of bug 34602 ***