From: Rich Bowen Date: Fri, 3 Apr 2026 20:19:53 +0000 (+0000) Subject: Addresses bz64307 and 64607 - Correctly identifies which characters are X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=140c0bce6583c7c7048276f64bf32558e193fe32;p=thirdparty%2Fapache%2Fhttpd.git Addresses bz64307 and 64607 - Correctly identifies which characters are and are not escaped, and which behavior using NE changes. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1932831 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/rewrite/flags.xml b/docs/manual/rewrite/flags.xml index 0d9d59ece4..714711b2aa 100644 --- a/docs/manual/rewrite/flags.xml +++ b/docs/manual/rewrite/flags.xml @@ -525,11 +525,26 @@ RewriteRule "(.*\.(jpg|gif|png))$" "http://images.example.com$1" [P,NC]
NE|noescape -

By default, special characters, such as & and -?, for example, will be converted to their hexcode -equivalent for rules that result in external redirects. -Using the [NE] flag prevents that from happening. -

+

By default, when a RewriteRule +results in an external redirect, any characters in the output that are +not in the following safe set will be converted to their hexcode +(percent-encoded) equivalents:

+ + + +

For example, # would be converted to %23, +and ? to %3F. The % character +is also escaped (to %25), which means that any +percent-encoding already present in the substitution will be +double-encoded.

+ +

Using the [NE] flag prevents this escaping, allowing characters +such as # and ? to pass through to the +redirect URL unmodified.

RewriteRule "^/anchor/(.+)" "/bigpage.html#$1" [NE,R]