Avoid Apache 404 on encoded url

There are times when you need to use an encode param in a url or GET request. More than often, this encoding is done out of security concerns so that some script kiddy doesn’t get happy shoving data into your urls.

During a recent incident where I implemented such a feature using the CodeIgniter Encryption Class, I kept receiving page not found errors from Apache. That is until, I turned the Apache directive AllowEncodedSlashes on.

Before turning this directive on, the encoded value (which was urlencoded) had encoded slashes as part of the value. Even though the slashes in the url were encoded, Apache was still treating them as part of the url instead of parameters in the request.

So, if you are getting 404s from Apache and are using an encoded url… chances are that you need to turn this Apache directive on:

AllowEncodedSlashes On

~ by ityndall on March 28, 2011.

Leave a Reply