Re: [users@httpd] CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

2023-03-13 Eric Covener
On Mon, Mar 13, 2023 at 7:38 AM Thomas Åkesson wrote: > > > Try e.g. [R,B= ?,...] > > The question mark is to avoid the issue of not being able to have " " > as the final character in this syntax. > >>> > >> > >> Sorry, the above doesn't work. Someone reported in another thread

Re: [users@httpd] CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

2023-03-13 Thomas Åkesson
>>> Thanks for the suggestion. I am unable to make 2.4.52 (Ubuntu) accept space >>> for the B-flag. I have tried first, middle, last, only flag but always >>> getting "RewriteRule: bad flag delimiters". >>> >>> I am also having concerns whether this would work (unable to test at this >>> time

Re: [users@httpd] CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

2023-03-13 Thomas Åkesson
Try e.g. [R,B= ?,...] The question mark is to avoid the issue of not being able to have " " as the final character in this syntax. >>> >> >> Sorry, the above doesn't work. Someone reported in another thread: [R,B=\ ] > > The real trick seems to be quoting the entirety of t

Re: [users@httpd] CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

2023-03-11 Eric Covener
On Fri, Mar 10, 2023 at 5:56 PM Eric Covener wrote: > > > > Try e.g. [R,B= ?,...] > > > > > > The question mark is to avoid the issue of not being able to have " " > > > as the final character in this syntax. > > > > Sorry, the above doesn't work. Someone reported in another thread: [R,B=\ ] The

Re: [users@httpd] CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

2023-03-10 Eric Covener
> > Try e.g. [R,B= ?,...] > > > > The question mark is to avoid the issue of not being able to have " " > > as the final character in this syntax. > Sorry, the above doesn't work. Someone reported in another thread: [R,B=\ ] > Thanks for the suggestion. I am unable to make 2.4.52 (Ubuntu) accept

Re: [users@httpd] CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

2023-03-10 Thomas Åkesson
> On 10 Mar 2023, at 16:32, Eric Covener wrote: > > On Fri, Mar 10, 2023 at 8:56 AM Thomas Åkesson > wrote: >> >> Hi, >> >> We are experiencing the effect that a RewriteRule resulting in R (redirect) >> is blocked (403) with AH10410 despite being encoded before 2.4.56 (the >> resulting Lo

Re: [users@httpd] CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

2023-03-10 Eric Covener
On Fri, Mar 10, 2023 at 8:56 AM Thomas Åkesson wrote: > > Hi, > > We are experiencing the effect that a RewriteRule resulting in R (redirect) > is blocked (403) with AH10410 despite being encoded before 2.4.56 (the > resulting Location header was ok). Is this change intentional? > > Example: >

RE: [users@httpd] CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

2023-03-10 Thomas Åkesson
Hi, We are experiencing the effect that a RewriteRule resulting in R (redirect) is blocked (403) with AH10410 despite being encoded before 2.4.56 (the resulting Location header was ok). Is this change intentional? Example: RewriteRule ^/here/([^/]+)(/.*)$ http://example.com:808

[users@httpd] CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy

2023-03-07 Eric Covener
Severity: important

Description: Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pa