How to enable AllowEncodedSlashes?
I'm trying to enable slashes in the URLs, but no matter where I set "AllowEncodedSlashes On" it doesn't work.
So far I've tried manually editing '/usr/local/apache/conf/httpd.conf' and adding "AllowEncodedSlashes On" at the beginning of the file and inside
I've tried adding it to include files in the WHM (Home "Service Configuration "Apache Configuration "Include Editor) and that also did not solve the issue.
I'm running Apache 2.4.16
Any ideas what I am doing wrong?
-
Hello, This directive is documented at: core - Apache HTTP Server Version 2.4 I'm able to successfully browse to a URL with an encoded path separator, even before enabling this directive: http://domain.tld/1234%5c5.html
Could you let us know the steps you are using for testing? Thank you.0 -
Hello, This directive is documented at: core - Apache HTTP Server Version 2.4 I'm able to successfully browse to a URL with an encoded path separator, even before enabling this directive:
http://domain.tld/1234%5c5.html
Could you let us know the steps you are using for testing? Thank you.
I pass a base64 encoded parameter which has forward slashes in it.http://subdomain.domain.tld/page/Rz41tUSb5eTREoBH%2FkcveOThaL7NIY0XHLdZkpY7QSU%3D
My .htaccess has the following ruleRewriteEngine On RewriteRule ^page/([^/]*)$ page.php?id=$1
The end result is Error 404. I also created the 1234%5c5.html test file using nano and then tried to access it and I still get the error 404.Not Found The requested URL /1234\5.html was not found on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
I got WHM 58.0 (build 25)0 -
My .htaccess has the following rule
RewriteEngine On RewriteRule ^page/([^/]*)$ page.php?id=$1
Could you verify if the issue persists when temporarily disabling that rewrite rule? Thank you.0 -
Could you verify if the issue persists when temporarily disabling that rewrite rule? Thank you.
Removed .htaccess, same issue0 -
It's possible this is happening due to an existing Mod_Security rule on your system. Do you notice any entries in /usr/local/apache/logs/error_log when this happens? Thank you. 0 -
It's possible this is happening due to an existing Mod_Security rule on your system. Do you notice any entries in /usr/local/apache/logs/error_log when this happens? Thank you.
No errors relating to the issue I also disabled mod_security on that domain and I still get the error 4040 -
Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome. Thank you. 0 -
Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome. Thank you.
Opened. Support Request ID is: 76532210 -
Jason Thomson from CPanel support got it fixed. The instructions for adding "AllowEncodedSlashes On" setting are: Make the following directory. Replace username with the username of the user and domain.tld with the domain. mkdir -p /usr/local/apache/conf/userdata/std/2_4/username/domain.tld/
Create slashes.conf filevi /usr/local/apache/conf/userdata/std/2_4/bimmer/bimmeroptions.com/slashes.conf
addAllowEncodedSlashes On
to the file, rebuilt httpconf/scripts/rebuildhttpdconf
restart Apache0
Please sign in to leave a comment.
Comments
9 comments