IBM Support

PH32435: ENCODED CHARCTERS (%2F ETC) IN URI

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • WebSphere Application Server for IBM i.
    Client unable to access
    WebSphere through HTTP Server/plugin when there is encoded
    charcters (%2f etc) in URI.
    This symptom occurs when client
    access WebSphere through HTTP Server/plugin.
    This symptom does
    not occur when client access WebSphere directly (not through
    HTTP Server/plugin).
     .
    Their web application needs to receive
    encoded charcters (%2f, %5f etc) sent by client.
    That means
    that HTTP Server and plugin must not change encoded charcters
    sent by the client.
     .
    They found a setting to keep the encoded
    characters in the following documents.
    -----
    http://publib.bould
    er.ibm.com/httpserv/ihsdiag/plugin_questions.html
    Why does the
    WAS Plugin send a different encoding then the incoming request
    used?
    By default, the WAS Plugin uses the URL that has been
    decoded by Apache and split into various sub-components.
    It
    can then re-encode the components in unexpected ways. After
    PM31189, you can have the Plugin start with the URl
    the way
    the client encoded it and do no further decoding or encoding.
    The apache environment variable
    websphere-nocanon turns this
    feature on.
    If the character you're having trouble with is '/'
    (%2f), you'll also need the IHS portion of PM31189 to pass
    
    through %2f un-decoded with AllowEncodedSlashes
    NoDecode.
    -----
    PM31189: URL CONTAINING "%2F" IS BEING DECODED
    TO "/" WITH ALLOW ENCODEDSLASH
    ON
    https://www.ibm.com/support/pages/apar/PM31189
    -----
     .
    And,
    they add following setting in httpd.conf
    -----
    SetEnv
    websphere-nocanon 1
    AllowEncodedSlashes NoDecode
    ------
    
    .
    However, they could not access to their application.
    For
    example, if there is %2f in URI that client specified, plugin
    changed it to %252f unexpectedly.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server on IBM i that use the WebSphere      *
    *                  HTTP Server plug-in.                        *
    ****************************************************************
    * PROBLEM DESCRIPTION: URLs received with encoded forward      *
    *                      slashes '/' (%2f) by an IBM HTTP        *
    *                      Server running on the IBM i platform    *
    *                      and using the WebSphere plugin to       *
    *                      pass the URL into an Application        *
    *                      Server can incorrectly re-encoded the   *
    *                      encoded slashes in some cases.          *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    If the IBM HTTP Server is set to use was_ap20_module
    QSVTAP24.SRVPGM and has the following directives in its
    configuration file (httpd.conf):
    SetEnv websphere-nocanon 1
    AllowEncodedSlashes NoDecode
    Then URLs with encoded forward slashes (%2f) will be
    incorrectly re-encoded as (%252f).
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    PH32435

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-12-07

  • Closed date

    2021-01-21

  • Last modified date

    2021-01-21

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

[{"Line of Business":{"code":"LOB36","label":"IBM Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850"}]

Document Information

Modified date:
22 January 2021