The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to enable AllowEncodedSlashes?

Discussion in 'General Discussion' started by SickFinga, Sep 5, 2016.

  1. SickFinga

    SickFinga Member

    Joined:
    Jan 21, 2005
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    I'm trying to enable slashes in the URLs, but no matter where I set "AllowEncodedSlashes On" it doesn't work.

    So far I've tried manually editing '/usr/local/apache/conf/httpd.conf' and adding "AllowEncodedSlashes On" at the beginning of the file and inside <VirtualHost>

    I've tried adding it to include files in the WHM (Home »Service Configuration »Apache Configuration »Include Editor) and that also did not solve the issue.

    I'm running Apache 2.4.16

    Any ideas what I am doing wrong?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    This directive is documented at:

    core - Apache HTTP Server Version 2.4

    I'm able to successfully browse to a URL with an encoded path separator, even before enabling this directive:

    Code:
    http://domain.tld/1234%5c5.html
    Could you let us know the steps you are using for testing?

    Thank you.
     
  3. SickFinga

    SickFinga Member

    Joined:
    Jan 21, 2005
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    I pass a base64 encoded parameter which has forward slashes in it.

    Code:
    http://subdomain.domain.tld/page/Rz41tUSb5eTREoBH%2FkcveOThaL7NIY0XHLdZkpY7QSU%3D
    My .htaccess has the following rule

    Code:
    RewriteEngine On
    RewriteRule ^page/([^/]*)$ page.php?id=$1 [B]
    
    The end result is Error 404.


    I also created the 1234%5c5.html test file using nano and then tried to access it and I still get the error 404.

    Code:
    Not Found
    The requested URL /1234\5.html was not found on this server.
    
    Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
    
    I got WHM 58.0 (build 25)
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you verify if the issue persists when temporarily disabling that rewrite rule?

    Thank you.
     
  5. SickFinga

    SickFinga Member

    Joined:
    Jan 21, 2005
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Removed .htaccess, same issue
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    It's possible this is happening due to an existing Mod_Security rule on your system. Do you notice any entries in /usr/local/apache/logs/error_log when this happens?

    Thank you.
     
  7. SickFinga

    SickFinga Member

    Joined:
    Jan 21, 2005
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    No errors relating to the issue

    I also disabled mod_security on that domain and I still get the error 404
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  9. SickFinga

    SickFinga Member

    Joined:
    Jan 21, 2005
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Opened.

    Support Request ID is: 7653221
     
  10. SickFinga

    SickFinga Member

    Joined:
    Jan 21, 2005
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Jason Thomson from CPanel support got it fixed. The instructions for adding "AllowEncodedSlashes On" setting are:

    Make the following directory. Replace username with the username of the user and domain.tld with the domain.

    Code:
    mkdir -p /usr/local/apache/conf/userdata/std/2_4/username/domain.tld/
    Create slashes.conf file

    Code:
    vi /usr/local/apache/conf/userdata/std/2_4/bimmer/bimmeroptions.com/slashes.conf
    add

    Code:
    AllowEncodedSlashes On
    to the file,

    rebuilt httpconf

    Code:
    /scripts/rebuildhttpdconf
    restart Apache
     
Loading...

Share This Page