Craig Jacobs Craig Jacobs - 4 months ago 26
Apache Configuration Question

IE and Edge converting %2F to %252F when clicked

Have a client that has lots of identifiers that have /s in them. We use these identifiers in the URL. (Why their software allows special characters like that in SKU numbers is a question for another day.)

Using Apache 2.4, AllowEncodedSlashes NoDecode is set and works fine.

However, on certain client machines in IE and Edge (if the issue is present it's present in both), when the link is clicked, or even pasted into the address bar you can see it change the %2F to %252F.

On those machines Chrome and Firefox work fine.

Sample URL: (proper)

Becomes: (incorrect)

On those machines this is consistent.

AFAIK this is happening immediately within the browser.

My suspicion is this has something to do with the page encoding and the client's language settings, or something like that, but I cannot even begin to guess what the issue might be.

here is a link to a (low quality) video showing it happen.

** UPDATE **

It seems that there is something going on with mod_rewrite on the server. Why it only impacts Edge and IE on some machines is not clear, but I was able to duplicate it in Chrome.

It seems that if any URL that has a %2F in it triggers a mod_rewrite rule, then at that point the %2F gets replaced by the %252F.

For example, there is a rule to add a trailing slash if one is missing:

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !\..+$
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ $1/ [R=301,L]

So this works:

This (note lack of trailing slash) will not:

What I end up with in the 2nd case is (note added slash and translated %2F):

This is creating problems, as in PHP I end up with crb1-1//F8x8 as the value which is not a valid item code.


The issue turned out to be that when the URL in the HREF contained %2F, if a rewrite rule was triggered, the %2F was getting re-encoded by mod_rewrite.

Adding "NE" to the rule fixed the issue. For example:

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !\..+$
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ $1/ [**NE**,R=301,L]

I'm still unable to explain why a subset of windows machines running IE or Edge consistently triggered a rule that Chrome, Firefox, etc do not.