[FX.php List] [OFF] Rewrite for forcing http to https possible?
biscuit technologies
biscuit.tech at gmail.com
Tue Sep 23 17:41:25 MDT 2008
Hi Troy,
Sorry to be obtuse, I hate that.
If you go to page I linked to and do a search for 'b flag' you'll see this:
'B' (escape backreferences)
Apache has to unescape URLs before mapping them, so backreferences
will be unescaped at the time they are applied. Using the B flag,
non-alphanumeric characters in backreferences will be escaped. For
example, consider the rule:
RewriteRule ^(.*)$ index.php?show=$1
This will map /C++ to index.php?show=/C++. But it will also map
/C%2b%2b to index.php?show=/C++, because the %2b has been unescaped.
With the B flag, it will instead map to index.php?show=/C%2b%2b.
This escaping is particularly necessary in a proxy situation, when the
backend may break if presented with an unescaped URL.
So, I take that to mean if you add B to your rule:
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L,B]
Your unencoded spaces won't get encoded.
I have to wonder though if it isn't better for the long run to fix
your schema to not have spaces in your URLs at all.
Let me know how it goes,
David
On Tue, Sep 23, 2008 at 4:31 PM, Troy Meyers <tcmeyers at troymeyers.com> wrote:
> David,
>
> Thanks for the reply. I don't understand what you mean... what is a backreference... do you think that's what's happening? Could you give an example?
>
> -Troy
>
>
>
>> Hi Troy,
>>
>> I think if you are using Apache 2.2.7 you can add the [B] option to
>> escape backreferences:
>>
>> http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html
>>
>> - David
>
>
> On Tue, Sep 23, 2008 at 9:23 AM, Troy Meyers <tcmeyers at troymeyers.com> wrote:
>> This has worked very well, and we've had the new SSL Mini running for a couple of days.
>>
>> Only one issue has cropped up. Luckily it only affects some old and rare links that people have out there. It involves the rewrite rule that we have in the .htaccess file at the root level of the web stuff (the /Library/WebServer/Documents/.htaccess file).
>>
>> The rule that causes http URLs to be converted to https URLs is this:
>>
>> RewriteEngine On
>> RewriteCond %{HTTPS} off
>> RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
>>
>> Some other rules follow, but supposedly the L causes no further rules to be tried.
>>
>> The problem is this...
>>
>> While these examples work fine:
>>
>> http://lab.troymeyers.com/
>> becomes
>> https://lab.troymeyers.com/
>>
>> http://lab.troymeyers.com/flasking/listing.php?genus=Coryanthes
>> becomes
>> https://lab.troymeyers.com/flasking/listing.php?genus=Coryanthes
>>
>> http://lab.troymeyers.com/flasking/file%20name%20with%20spaces.php
>> becomes
>> https://lab.troymeyers.com/flasking/file%20name%20with%20spaces.php
>>
>>
>> ...this does NOT work well:
>> http://lab.troymeyers.com/flasking/listing.php?genus=Name%20with%20spaces
>> becomes
>> https://lab.troymeyers.com/flasking/listing.php?genus=Name%2520with%2520spaces
>>
>> To clarify the problem, if the portion of a URL after the "?" has a character that seems like it ought to be encoded (if it weren't already URL encoded) it does it, even though it already IS encoded. Thus, the "%20" turns into "%2520". Note that is does NOT happen before the "?" character in the URL. In CDML-type URLs this produces missing field or file errors, since the names are messed up.
>>
>> Any ideas how the RewriteRule should be changed to fix this?
>>
>> -Troy
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
More information about the FX.php_List
mailing list