RewriteRule dropping escaped parameter

Forum Moderators: phranque

Message Too Old, No Replies

RewriteRule dropping escaped parameter

MagicDude4Eva

8:17 pm on May 3, 2010 (gmt 0)

I need some help with the following RewriteRule:

RewriteRule ^/iesearch/(.*)$ /jsp/search/ieaccelerators/visualsearch.jsp?q=$1 [L,PT]

The intention is to rewrite search-queries from

http://mydomain/iesearch/alvin+the+chip

to a JSP. This works fine as long as the URL does not contain encoded characters such as:

http://www.bidorbuy.co.za/iesearch/alvin+the+%26+chip

.

The rewrite log shows the following:
(2) init rewrite engine with requested uri /iesearch/alvin+the+&+chip
(2) rewrite '/iesearch/alvin+the+&+chip' -> '/jsp/search/ieaccelerators/visualsearch.jsp?q=alvin+the+&+chip'
(3) split uri=/jsp/search/ieaccelerators/visualsearch.jsp?q=alvin+the+&+chip -> uri=/jsp/search/ieaccelerators/visualsearch.jsp, args=q=alvin+the+&+chip

I would have hoped that the %26 is passed on instead of the &.

Greatly appreciate any help with this.

jdMorgan

1:54 am on May 4, 2010 (gmt 0)

The basic problem here is that you are learning the hard way that we Webmasters are not free to "use any characters we like" in any field of a URL or a query string appended to that URL. In fact, the allowed character-sets differ between URLs and query strings, and even within the various parts of the URL itself.

I don't know how you could force Apache to not decode a character sequence that it is required to decode in order to function as a Web server.

You could try capturing the query in a RewriteCond examining THE_REQUEST, and then re-injecting it into the rule substitution (possibly requiring the [NE] flag on the rule), but it might be best to modify your script to accept either encoded or un-encoded non-alphanumeric characters as a more-robust solution.

Alternately, change your search function to use a POST instead of a GET -- You can then POST any data that you like, because the server itself won't even look at it.

Take a look at RFC3986 - Uniform Resource Identifiers (URI) [tools.ietf.org] if you have an interest in the various character sets allowed in various parts of URI and in their escaping rules, or if you'd like to "stay out of trouble next time."

Jim

MagicDude4Eva

7:02 am on May 4, 2010 (gmt 0)

Thanks for the response. Are you able to assist me with the RewriteCond - in essence I would need to take the everything after "/iesearch/" and then inject it into the forward of "/jsp/search/ieaccelerators/visualsearch.jsp?q=".

g1smd

7:07 am on May 4, 2010 (gmt 0)

I think Jim has assisted. That looks like a clear explanation in the third and fourth paragraphs above.

MagicDude4Eva

7:26 am on May 4, 2010 (gmt 0)

Jim's explanation makes sense, but I just don't know how to do the RewriteCond.

The request has to be a GET as we are not able to influence this. We receive the request as it is encoded and the rewrite forwards it to Tomcat (at that point in time it appears that the rewrite rule has dropped off everything behind the ampersand). I did some Google searches and being unfamilar with rewrites, I honestly don't know how to do it.

jdMorgan

3:09 pm on May 4, 2010 (gmt 0)

You could try something like this in your server config file, outside of any <Directory> container, and not in a .htaccess file:


RewriteCond %{THE_REQUEST} ^[A-Z]+\ /iesearch/([^\ ]*)\ HTTP/
RewriteRule ^/iesearch/ /jsp/search/ieaccelerators/visualsearch.jsp?q=%1 [NE,PT,L]

For use in .htaccess or in a <Directory> container in a server config file, it will be necessary to remove the leading slash from the RewriteRule pattern, and you may also need to adjust the RewriteRule pattern to "localize" the URL-path being matched to the <Directory> container or .htaccess file's directory-path.

Jim

MagicDude4Eva

5:49 pm on May 4, 2010 (gmt 0)

Hi Jim - thank you soooo much - this is awesome and solved my problem. Truly appreciate your help!