Bug 48499 - mod_rewrite can't redirect to files with ? in them
Summary: mod_rewrite can't redirect to files with ? in them
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_rewrite (show other bugs)
Version: 2.2.14
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: MassUpdate
Depends on:
Reported: 2010-01-06 19:55 UTC by M8R-3mye921
Modified: 2018-11-07 21:09 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description M8R-3mye921 2010-01-06 19:55:13 UTC

I have a directory /foo that's mapped into my web root by 'Alias /bar /foo'.
/foo contains a file named x?y. I want this file to be reachable by /bar/x%3Fy and /bar/x?y. So I thought I'd use mod_rewrite.

mod_rewrite makes this unnecessarily hard by its special handling of query parameters, but I think something like

RewriteCond %{QUERY_STRING} .
RewriteRule ^(/bar/.*)$ $1\%3F%{QUERY_STRING}? [PT]

ought to work. However, this creates only 404s. I can understand that without [PT] it tries to prepend the web root path, but with [PT] it should arrive at my alias. This doesn't seem to work, however. I can see the rewrite happening in the logs, but the resulting url can't be resolved.

I think the above is bug #1.

My next attempt was to bypass the alias and rewrite to the actual file path:

RewriteCond %{QUERY_STRING} .
RewriteRule ^/bar/(.*)$ /foo/$1?%{QUERY_STRING}

This fails because mod_rewrite strips the part after ?, treating it as another query parameter list. Then I tried /foo/$1\%3F%{QUERY_STRING}?, but that also 404s, maybe because it looks for a file called 'x%3Fy', not 'x?y'.

In any case I couldn't get that to work either, which I think is bug #2.

I eventually found a workaround, using an external redirect:

RewriteCond %{QUERY_STRING} .
RewriteRule ^(/bar/.*)$ $1\%3F%{QUERY_STRING}? [NE,L,R=permanent]

This causes another roundtrip to the client, but it works. But there really should be a way to do all of this internally. If such a way exists, I didn't find it, and it's a documentation bug. If such a way doesn't exist, it's a code bug (and probably a documentation bug as well, because [PT] really looks like it should do what I want).

Thanks for your attention.
Comment 1 Eric Covener 2010-12-04 18:08:23 UTC
a workaround is to put the directive in per-directory config, where the \%3F can be re-injected verbatim which is not 100% the same as [PT] apparently.
Comment 2 William A. Rowe Jr. 2018-11-07 21:09:07 UTC
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd.

As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd.

If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question.

If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with.

Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.