Oracle HTTP Server Is Decoding %2f Appearing In A Request URI
Last updated on JANUARY 25, 2017
Applies to:Oracle HTTP Server - Version 10.1.2.0.0 to 10.1.3.5.0 [Release AS10gR2 to AS10gR3]
Oracle HTTP Server - Version 22.214.171.124.0 and later
Oracle WebLogic Server - Version 10.3.1 and later
Information in this document applies to any platform.
When trying to access a URL that has %2f as escaped forward slash, Oracle HTTP server always un-escape the character. As a result of this behavior a 404 error is returned to the web browser as the modified url does not exist on the server.
The issue can be reproduced at will with following steps:
1. Create a html page named as below in htdocs directory: test%2fhello.html
2. Type in url http://hostname/test%2fhello.html in a browser and the OHS returns 404. The log file of HTTP server shows the url has been unescaped to http://hostname/test/hello.html
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms