Nitty Gritty Apache question

[Thomas Dowling]

For all you Apache jockeys out there...

Sometime between versions 1.3.14 and 1.3.19, Apache introduced a minor
change that's starting to give me headaches.  The "RewriteRule" directive
used to modify URLs without trying to do any interpretation on them.
Given a line like this in httpd.conf:

  RewriteRule ^/foo/(.*) /bar/$1

Any request for a URL in the /foo directory would be redirected to the
/bar directory, but nothing else would happen to the URL.

In 1.3.19, I'm seeing Apache hex-encode characters it considers unsafe
while doing the rewrite.  So if I request  '/foo/script.cgi?"alpha+beta"'
I get redirected to '/bar/script.cgi?%22alpha+beta%22' (the double quote
being ASCII character 22 in hex).  This seems like a reasonable safety
precaution.

The problem is that Apache 1.3.19 considers the percent sign unsafe, so if
I request '/foo/script.cgi?%22alpha+beta%22' I get redirected to
'/bar/script.cgi?%2522alpha+beta%2522' (the percent sign being character
25 hex).

On unencoding the script then sees a query string with the literal value
'%22alpha beta%22' instead of '"alpha beta"'  In this particular context,
this leads to a 500 error.

Has anyone else encountered this, and has anyone found a solution?

Thomas Dowling
OhioLINK - Ohio Library and Information Network
tdowling at ohiolink.edu