With Apache 2.0.49, Tomcat 5.0.22, mod_jk 1.2.6-dev (or mod_jk2 2.0.5-dev), my servlets' service methods do not get called if there is a % character in the path-info. The URLs in question are properly escaped originally and are of the form: http://hostname/webappname/servlet/servletName/pathComp1/pathComp2/foo%25bar.txt Note that the request is processed without any error if the %25 (an escaped '%') is omitted. Once the % is in place, however, my service method is never invoked. On Apache's side mod_jk logs show delegation of the request /webappname/servlet/servletName/pathComp1/pathComp2/foo%bar.txt to Tomcat. Note that the %25 has been unescaped here. These logs then shows mod_jk unmarshals a 400 response. I am not certain which component is to blame here, but: 1) The original URL is valid (albeit obnoxious...) 2) Static requests for paths with % in them have related issues. See bug 28350.
I recommend giving your resources more sensible names. As this might cause security issues, I don't think it would be wise fixing this. *** This bug has been marked as a duplicate of 28350 ***
Was this resolved due to JkOptions ForwardURICompatUnparsed as in the other bug? [I've not had a chance to test this yet.] If so, great. To answer your security question, the resource is not named by me, unfortunately. The request is for content management and maintains the user's original leaf filename for better handling by browsers, etc. While I would never put '%' in a filename, users do all sorts of crazy things...