bug #7563

closed

requests with %2F in URL are rejected by apache

Added by Andreas Kohlbecker over 5 years ago. Updated over 5 years ago.

Status: Closed
Priority: Highest
Category: server-maintenance
Target version: -
Start date:
Due date:
% Done: 100%
Estimated time:
Severity: normal
Found in Version:
Tags:

Description

requests like http://test.e-taxonomy.eu/cdmserver/phycobank_production/registrationDTO/identifier/http%+3+A%2F%2Fphycobank.org%2F100105.json

are rejected by Apache with an HTTP 404 code. This blocks the resolving of HTTP identifiers like http://phycobank.org/100105.

By default Apache does not allow %2F for / and %5C for \ in URLs:

The AllowEncodedSlashes directive for Apache can be set in the server configuration and also in vhost configurations:

  #
  # NOTE: AllowEncodedSlashes is off per default to prevent possible security vulnerabilities.
  #       To allow the cdmserver resolving http identifiers via HTTP GET requests it is required to 
  #       allow encoded slashes. See https://dev.e-taxonomy.eu/redmine/issues/7563  
  #
  AllowEncodedSlashes On

The edit servers and documentation need to be adapted:

  1. edit-test: /etc/apache2/sites-available/default - DONE
  2. edit-community: /etc/apache2/sites-available/siteconf - DONE
  3. edit-jobber: - DONE
  4. edit-integration: - DONE
  5. edit-demo1: - DONE
  6. edit-demo2: - DONE
  7. add to cdmserver installation documentation https://cybertaxonomy.eu/cdmserver/installation - DONE
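
An added example, not part of the original issue or the cdmserver code: a simplified Python model of the front-end check described above, applied to the identifier from the issue. It shows why carrying the identifier as a query parameter, the direction named in related issue #9218, passes with the directive left off; the query-style URL shape and the parameter name `identifier` are assumptions.

```python
import re
from urllib.parse import quote, urlencode, urlsplit

# Encoded path separators named in the issue: %2F for / and %5C for \
ENCODED_SEPARATOR = re.compile(r"%(?:2f|5c)", re.IGNORECASE)

# Endpoint prefix taken from the request quoted in the issue.
BASE = ("http://test.e-taxonomy.eu/cdmserver/phycobank_production"
        "/registrationDTO/identifier")


def path_style_url(identifier: str) -> str:
    """Identifier percent-encoded into one path segment, as in the issue."""
    return f"{BASE}/{quote(identifier, safe='')}.json"


def query_style_url(identifier: str, param: str = "identifier") -> str:
    """Identifier as a query parameter (hypothetical URL shape and name)."""
    return f"{BASE}.json?{urlencode({param: identifier})}"


def rejected_by_front_end(url: str, allow_encoded_slashes: bool = False) -> bool:
    """Simplified model of the check: only the path is inspected, and an
    encoded separator there is refused unless the directive is On."""
    path = urlsplit(url).path  # urlsplit leaves percent-escapes undecoded
    return not allow_encoded_slashes and bool(ENCODED_SEPARATOR.search(path))


if __name__ == "__main__":
    identifier = "http://phycobank.org/100105"  # identifier from the issue
    for url in (path_style_url(identifier), query_style_url(identifier)):
        verdict = "404" if rejected_by_front_end(url) else "forwarded"
        print(f"{verdict:9} {url}")
```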

Related issues

Related to EDIT - bug #9218: Change /registrationDTO/identifier/... signatures to use query parameters instead (Closed, Andreas Kohlbecker)
Related to EDIT - task #9219: Revert: requests with %2F in URL are rejected by apache (New, Andreas Kohlbecker)
Related to EDIT - task #9275: Cleanup apache configuration from "AllowEncodedSlashes On" (New, Andreas Kohlbecker)