: Query value with chevrons sends 302 to / When a special query value is typed in the URL, apache sends back a 302 redirect to root url (/). We're using CPanel and we owns the server. The
When a special query value is typed in the URL, apache sends back a 302 redirect to root url (/).
We're using CPanel and we owns the server. The apache virtualhost file wasn't touched and is managed by CPanel. I tried to do some researches but when I type "redirect" or "302" with my issue, I get answers about "how to url-rewrite".
The problem appears when using chevrons and maybe other special characters. Here are the tested queries (on my server, on a test subdomain, no .htaccess involved, script echoes $_GET): dev.rihan.fr/echo.php
?foo=%3c (ie. ?foo=<) (OK)
?foo=%3e (ie. ?foo=>) (OK)
?foo=%3c%3c (ie. ?foo=<<) (KO)
?foo=%3e%3e (ie. ?foo=>>) (KO)
?foo=%3d%3c (ie. ?foo==<) (OK)
?foo=%3c%3d (ie. ?foo=<=) (KO)
We're on Apache 2.4.18, PHP 5.6.20.
Any idea on whether it's a known bug or a particular configuration? Thanks for your help.
More posts by @Turnbaugh106
1 Comments
Sorted by latest first Latest Oldest Best
It sounds like a security feature on the server is redirecting the connection when html escaped data is added to the URL. Take a look through your Apache configuration files and the vhost files and check any redirect rules you find, you will probably fine one has a regex pattern for identifying html escaped data and blocking it as a security precaution. If you don't want to go through all the configuration files you could try base64_encoding the escaped values which are causing the problems, I have done this before where a server was configured to block html escaped data in the URL and it worked as the base64_encoded string passed the regex pattern.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.