Apache mod_rewrite Tests
In the Insurrection system, I have made use of the Apache mod_rewrite to direct certain operations to other internal CGIs. Part of my test setup has a directory within Subversion that is full of files with various 7-bit ASCII characters. A number of the cases did not work correctly. At first I thought it had to be something I did wrong and worked on finding all escaping issues and URL mishandling within my code. However, after doing all of that, I finally put together this test setup that shows how certain characters cause rather drastic changes to the passed in URL that otherwise would work if sent directly to the initial intended target. (I have not yet started on the work to support full UTF-8 due to the problems I had run into so far.)
Apache 2.0.54 mod_rewrite problems
All of this was tested with the latest Apache, version 2.0.54, compiled on various Linux platforms. I have filed bug report #34602 with the Apache project.
What I have found is that the redirect rewrite rules cause URL encoded characters within the parameters to be escaped again. That is, the "%" character is replaced with a "%25" which means that if I had a, say, "%20" in the parameter, it would end up being passed as "%2520" which is not the same thing. There are also a problem with the escaped character "%3F" which causes the whole URL to be very confused when it is within the path of the URL. Thus, all escaped characters are passed incorrectly in the CGI parameters and one of them also fails in the URL location.
The proxy rewrite rule works a bit better in that it does not double escape the parameters but there are many more cases where it causes drastic failure of the request. For example, a URL with "%20" in it will get broken at that point as if it was a raw space and the rest of the URL path is lost. The escaped characters that cause the proxy to fail are: "%20", "%23", "%25", and "%3F"
The test setup here is rather simple and consists of 4 files, the test.html frameset, the control.html control frame, the test.cgi CGI used for all of the test frames, and the .htaccess file that describes the rewrite rules. There are also 3 images that are used to identify each of the frames within the browser.
The code can be gotten from my public Subversion server at http://svn.code-host.net/svn/Insurrection/rewrite-test/.