Hi, we hit a problem: if our URL contains %25 (encoded %) in the path, then httpd, which acts as a reverse proxy server, returns 400 (Bad Request) to the client after we upgraded to httpd-2.4.57. We use the flag AllowEncodedSlashes with NoDecode so that slashes are not decoded by httpd.

The steps below show how to produce this problem. I tested it manually with the official Apache Docker image httpd:2.4.57; my test steps are below:

1. Start a container from this image:

    docker create --name apache -p 8080:80 httpd:2.4.57
    docker start apache

2. Attach to it and edit httpd.conf:

    docker exec -ti apache bash

    # add the configuration to file /usr/local/apache2/conf/httpd.conf
    LogLevel debug
    AllowEncodedSlashes NoDecode
    # load proxy module
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    # include the proxy configuration
    Include conf/extra/httpd-proxy.conf

3. Add a new configuration httpd-proxy.conf:

    # add new configuration file to /usr/local/apache2/conf/extra/
    $ cat conf/extra/httpd-proxy.conf
    <VirtualHost *:80>
        # Proxy the requests to the backend server
        ProxyPass / http://127.0.0.1:8080/
        ProxyPassReverse / http://127.0.0.1:8080/
    </VirtualHost>

4. Start a simple Python HTTP server like below:

    # cat app.py
    from bottle import Bottle, response

    app = Bottle()

    @app.route('/api')
    def hello_world():
        response.content_type = 'application/json'
        return '{"message": "Hello, World!"}'

    if __name__ == '__main__':
        # Bottle's run() listens on 127.0.0.1:8080 by default,
        # which matches the ProxyPass target above.
        app.run(debug=True)

5. Reload httpd:

    kill -s SIGHUP 1

6. Send a request via curl:

    $ curl http://localhost:80/xxxx%25xxxxx
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>400 Bad Request</title>
    </head><body>
    <h1>Bad Request</h1>
    <p>Your browser sent a request that this server could not understand.<br />
    </p>
    </body></html>

But this request can reach the endpoint; this 404 is returned by the endpoint server:

    # curl http://localhost:80/xxxx%20xxxxx
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html>
    <head>
    <title>Error: 404 Not Found</title>
    <style type="text/css">
    html {background-color: #eee; font-family: sans;}
    body {background-color: #fff; border: 1px solid #ddd; padding: 15px; margin: 15px;}
    pre {background-color: #eee; border: 1px solid #ddd; padding: 5px;}
    </style>
    </head>
    <body>
    <h1>Error: 404 Not Found</h1>
    <p>Sorry, the requested URL <tt>'http://localhost/xxxx%20xxxxx'</tt> caused an error:</p>
    <pre>Not found: '/xxxx xxxxx'</pre>
    </body>
    </html>

I also tried reverting the changes in httpd-2.4.57, and I found the problem is in this change:
https://github.com/apache/httpd/commit/9b8cf1746bb004050b02a30bf0222479fbe405c2

When I revert this change, the problem is gone. I think this may be a bug in mod_proxy introduced by this change.
Created attachment 38546 [details] Producing steps
Created attachment 38547 [details]
Possible fix

Does the attached patch fix your issue?
(In reply to Ruediger Pluem from comment #2)
> Created attachment 38547 [details]
> Possible fix
>
> Does the attached patch fix your issue?

Yes, I tested your patch, and indeed it works, thanks.
Committed to trunk as r1909464.