Actions
bug #7563
closedrequests with %2F in URL are rejected by apache
Start date:
Due date:
% Done:
100%
Estimated time:
Severity:
normal
Found in Version:
Description
requests like http://test.e-taxonomy.eu/cdmserver/phycobank_production/registrationDTO/identifier/http%+3+A%2F%2Fphycobank.org%2F100105.json
are rejected by apache with a http 404 code. This blocks from resolving http identifiers like http://phycobank.org/100105.
By default apache does not allow %2F for / and %5C for \ in URLs:
- https://stackoverflow.com/questions/9206835/2f-in-url-breaks-and-does-not-reference-to-the-php-file-required#12993237
- http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes
The AllowEncodedSlashes-Direktive for apache can be set in the server configuration and also in vhost configurations:
# # NOTE: AllowEncodedSlashes is off per default to prevent possible security vulnerabilities. # To allow the cdmserver resolving http identifiers via HTTP GET requests it is required to # allow encoded slashes. See https://dev.e-taxonomy.eu/redmine/issues/7563 # AllowEncodedSlashes On
The edit servers and documentation needs to be adapted:
- edit-test: /etc/apache2/sites-available/default - DONE
- edit-community: /etc/apache2/sites-available/siteconf - DONE
- edit-jobber: - DONE
- edit-integration: - DONE
- edit-demo1: - DONE
- edit-demo2: - DONE
- add to cdmserver installation documentation https://cybertaxonomy.eu/cdmserver/installation - DONE
Related issues
Actions