Documentation for the NoEscape RewriteRule flag: https://httpd.apache.org/docs/trunk/rewrite/flags.html#flag_ne > By default, special characters, such as & and ?, for example, will be converted to their hexcode equivalent. Using the [NE] flag prevents that from happening. Testing this however shows that this does *not* happen for the '&' character. Digging into the code: as far as I can tell it either ends up in: * modules/proxy/proy_util.c: ap_proxy_canonenc or * server/util.c: ap_os_escape_path (which uses a list generated by server/gen_test_char.c) Both of these treat the '&' as an allowed character in a path. For reference: list of characters that are treated as allowed (and are thus never converted to their hexcode equivalent): * alphanumeric characters * characters: "$-_.+!*'(),:;@&=/~" As a minimum I would drop the reference to '&' in the description since it's incorrect. I suppose it could be replaced with another character (such as '{') or as an alternative list the characters that are allowed. I.e. something like: > By default, special characters(*) will be converted to their hexcode equivalent. Using the [NE] flag prevents that from happening. > (*): special characters: characters that are *not*: > - alphanumeric characters, > - '$', > - '-', > - '_', > - ...