revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-25 16:22:43 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/docs
History
Andre Klapper 4da3b096b0 Configuration Guide: Set UnsafeAllow3F for Apache RewriteRule 
Summary:
Since Apache HTTP Server 2.4.61 including https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/mappers/mod_rewrite.c?r1=1918560&r2=1918561&pathrev=1918561&diff_format=h due to https://www.cve.org/CVERecord?id=CVE-2024-38474, URIs including %3F throw a HTTP 403 error and the following error log entry:

`AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F`

Update the corresponding RewriteRule in the Phorge configuration guide to explicitly set UnsafeAllow3F.

https://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_unsafe_allow_3f

Closes T15889

Test Plan: Run Apache HTTP Server 2.4.61, go to https://phorge.localhost/maniphest/task/edit/form/default/?title=%3f and get a HTTP 403 (before) or a "?" as task title (after).

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15889

Differential Revision: https://we.phorge.it/D25739
2024-08-04 09:58:57 +02:00
..
book Remove Chatlog entirely 2023-11-27 11:38:37 -07:00
contributor Fix broken URIs on "Rendering HTML" Diviner page 2024-06-28 14:39:43 +02:00
flavor PHP Pitfalls: mention strlen() deprecation since PHP 8.1 2023-05-25 13:43:33 +02:00
user Configuration Guide: Set UnsafeAllow3F for Apache RewriteRule 2024-08-04 09:58:57 +02:00