Oracle HTTP Server Is Decoding %2f Appearing In A Request URI (Doc ID 759416.1)

Last updated on MARCH 15, 2023

Applies to:

Oracle HTTP Server - Version 10.1.2.0.0 to 10.1.3.5.0 [Release AS10gR2 to AS10gR3]
Oracle HTTP Server - Version 11.1.1.1.0 and later
Oracle WebLogic Server - Version 10.3.1 and later
Information in this document applies to any platform.

Symptoms

When trying to access a URL that has / as escaped forward slash, Oracle HTTP server always un-escape the character. As a result of this behavior a 404 error is returned to the web browser as the modified url does not exist on the server.

The issue can be reproduced at will with following steps:

1. Create a html page named as below in htdocs directory: test/hello.html
2. Type in url http://hostname.domain/test/hello.html in a browser and the OHS returns 404. The log file of HTTP server shows the url has been unescaped to http://hostname.domain/test/hello.html

Changes

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Oracle HTTP Server Is Decoding %2f Appearing In A Request URI (Doc ID 759416.1)

Applies to:

Symptoms

Changes

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!