APAR status
Closed as program error.
Error description
WebSphere Application Server for IBM i. Client unable to access WebSphere through HTTP Server/plugin when there is encoded charcters (%2f etc) in URI. This symptom occurs when client access WebSphere through HTTP Server/plugin. This symptom does not occur when client access WebSphere directly (not through HTTP Server/plugin). . Their web application needs to receive encoded charcters (%2f, %5f etc) sent by client. That means that HTTP Server and plugin must not change encoded charcters sent by the client. . They found a setting to keep the encoded characters in the following documents. ----- http://publib.bould er.ibm.com/httpserv/ihsdiag/plugin_questions.html Why does the WAS Plugin send a different encoding then the incoming request used? By default, the WAS Plugin uses the URL that has been decoded by Apache and split into various sub-components. It can then re-encode the components in unexpected ways. After PM31189, you can have the Plugin start with the URl the way the client encoded it and do no further decoding or encoding. The apache environment variable websphere-nocanon turns this feature on. If the character you're having trouble with is '/' (%2f), you'll also need the IHS portion of PM31189 to pass through %2f un-decoded with AllowEncodedSlashes NoDecode. ----- PM31189: URL CONTAINING "%2F" IS BEING DECODED TO "/" WITH ALLOW ENCODEDSLASH ON https://www.ibm.com/support/pages/apar/PM31189 ----- . And, they add following setting in httpd.conf ----- SetEnv websphere-nocanon 1 AllowEncodedSlashes NoDecode ------ . However, they could not access to their application. For example, if there is %2f in URI that client specified, plugin changed it to %252f unexpectedly.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server on IBM i that use the WebSphere * * HTTP Server plug-in. * **************************************************************** * PROBLEM DESCRIPTION: URLs received with encoded forward * * slashes '/' (%2f) by an IBM HTTP * * Server running on the IBM i platform * * and using the WebSphere plugin to * * pass the URL into an Application * * Server can incorrectly re-encoded the * * encoded slashes in some cases. * **************************************************************** * RECOMMENDATION: * **************************************************************** If the IBM HTTP Server is set to use was_ap20_module QSVTAP24.SRVPGM and has the following directives in its configuration file (httpd.conf): SetEnv websphere-nocanon 1 AllowEncodedSlashes NoDecode Then URLs with encoded forward slashes (%2f) will be incorrectly re-encoded as (%252f).
Problem conclusion
This fix prevents the re-encoding of encoded forward slashes (%2f) in passed in URLs when the HTTP server configuration file (httpd.conf) contains the following directives: SetEnv websphere-nocanon 1 AllowEncodedSlashes NoDecode For more information about this behavior, please see: https://www.ibm.com/support/pages/apar/PM31189 http://publib.boulder.ibm.com/httpserv/ihsdiag/plugin_questions. html#plugindecode The fix for this APAR is targeted for inclusion in fix pack 8.5.5.20 and 9.0.5.7. For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/715553
Temporary fix
Comments
APAR Information
APAR number
PH32435
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-12-07
Closed date
2021-01-21
Last modified date
2021-01-21
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R850 PSY
UP
R900 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
02 November 2021