Paste P3227

rewrite git labs
Active, Public

Authored by Dzahn on Jun 8 2016, 7:01 PM.
11:11 < mutante> in a RewriteRule i use "^/tree/(.+)" to match /tree/foo and then reuse the foo part in my target URL. it's ok so far, just when i request something like "/tree/%2F" it is still 404 because of the %2F , how do i also match those
11:12 < Unbeliever> fajita: AllowEncodedSlashes
11:12 < fajita> http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes
11:12 < Unbeliever> mutante: possibly this ^^
11:12 < thumbs> mutante: .+ or .* will match it.
11:12 < thumbs> but yes, allow the encoded slashes first.
11:13 < mutante> hmm, aha! looking at that, thanks
11:15 < mutante> ugh, now i don't know if that will influence any of all the existing config there is and i see "Allowing slashes to be decoded could potentially allow unsafe paths."
11:15 < thumbs> mutante: indeed.
11:15 < Unbeliever> mutante: indeed, it can be a security risk
11:16 < mutante> i wish i could just do this in the context of my rewrite rule
11:17 < thumbs> fajita: AllowEncodedSlashes context
11:17 < fajita> AllowEncodedSlashes may be used in the following contexts: server config, virtual host
11:18 < rbowen> mutante: There's a rewrite flag for that.
11:18 < rbowen> fajita: rewrite flags
11:18 < fajita> http://httpd.apache.org/docs/current/rewrite/flags.html
11:18 < mutante> NE?
11:18 < fajita> noescape (no uri escaping of output)
11:18 < rbowen> Is it NE? Or B?
11:18 < rbowen> I always get confused between the two of those.
11:18 < rbowen> Depends on what you're trying to do.
11:18 < mutante> but i need to match those types on the left hand side
11:18 < Unbeliever> possibly both :)
11:19 < rbowen> fajita: NE
11:19 < fajita> noescape (no uri escaping of output)
11:19 < rbowen> pfft. Lot of help that is.
11:19 < rbowen> I think it's B, but I'm not sure.
11:20 < mutante> it seems that NE is only about output, B is a good point, reading
11:20 < Unbeliever> you still may require the AllowEncodedSlashes otherwise apache may return a 4040 simply because it finds %2F in the URI path
11:20 < Unbeliever> er 404
11:20 < thumbs> Unbeliever: correct.
11:20 < thumbs> mutante: anyway, you can limit this to your vhost
11:20 < mutante> ok, then i need to test this behaviour on the production setup and see that first
11:20 < mutante> right now i was on a labs host
11:21 < mutante> thumbs: ok! thanks
11:21 < Unbeliever> test on the production setup .. an oxymoron if ever there was one
11:21 < mutante> haha, yea, but it's not as bad as it sounds :) production also has "canary" servers