views:

105

answers:

3

I have a url containing the following:

/somepath/morestuff/ohno%25foobar

For some reason apache is reporting a 400 bad request (it has something to do with the %25). I am using mod_rewrite to rewrite the path to point to my codeigniter instance but it's not even getting to codeigniter, it's just the default apache error.

Any ideas?

+1  A: 

I suspect that you're using PATH_INFO to handle your CodeIgniter requests. Consequently, your .htaccess file contains a rule set that looks similar to this:

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ index.php/$0 [L]

When mod_rewrite tests your URLs, they have already been decoded to their natural character format, so in this case %25 has become just %. When you apply this rule, the backreference actually contains the literal text somepath/morestuff/ohno%foobar, which is not re-encoded by default. Apache has no idea what that % is doing in your request path to /index.php/somepath/morestuff/ohno%foobar and chokes, giving you that error.

If you're running Apache 2.2, mod_rewrite added the B flag for this purpose, allowing you to automatically escape backreferences rewritten to your URL. Adding it to your current flag list should fix the problem in that case:

RewriteRule ^.*$ index.php/$0 [B,L]

There's also an escape RewriteMap that's available as an internal map in previous Apache versions of mod_rewrite, but unfortunately this map has to be enabled at the server or virtual server configuration level, so may not be available if you're running your site on shared hosting. It does the same thing, though a bit more deliberately.

In your server/virtual server configuration:

RewriteMap escape int:escape

Then, wherever you define your rules:

RewriteRule ^.*$ index.php/${escape:$0} [L]

Keep in mind that CodeIgniter doesn't need to use PATH_INFO to get the request information, and using REQUEST_URI is perfectly acceptable here if you aren't using mod_rewrite to do any other transformations (and would avoid this headache altogether). I think by default CodeIgniter is set to get the request from AUTO (assuming I haven't gotten my frameworks mixed up), so simply not rewriting the request to the URL with path info would be enough to make that change.

Tim Stone
I'm running apache 2.2 but that B flag didn't work... it caused a 500.
Ken Struys
@Ken Struys - What does your error log have to say about the 500?
Tim Stone
@Tim says the B flag is unknown. I'm running 2.2.3 and 2.2.7 added the B flag. I do have full access to the server (not shared hosting) so I can do whatever I need to do to apache.
Ken Struys
@Ken Struys - Looking at the change log for 2.2, someone apparently broke the `B` flag at some point, and it wasn't fixed until 2.2.12. You can recompile `mod_rewrite` with the [latest source](http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/modules/mappers/mod_rewrite.c) or update Apache, but both of those might be more trouble than they're worth, so I've expanded on how to define the `RewriteMap` if you'd like to try using that first.
Tim Stone
@Tim I got it working using escape. initially it wasn't working because codeigniter by default auto doesn't use the REQUEST_URI it does some weird automatic detection. When is switch it over to REQUEST_URI in the config everything worked. Thanks for the help.
Ken Struys
A: 

Hi

Still having a problem with the above solution

It doesn't work for characters such as

%u2019

A: 

Apache 2.2.12+, just use the B flag. Otherwise, see here:

http://www.dracos.co.uk/code/apache-rewrite-problem/

philfreo