English
  1. Home
  2. Technical
  3. Apache
  4. mod_proxy and URL character encoding
  1. Home
  2. Technical
  3. mod_proxy and URL character encoding
Searching...

mod_proxy and URL character encoding

Contents

If it’s important for an application running behind a proxy that all URL characters reach the application unchanged, then unfortunately, the inbound request redirection configured via My Zone (mod_proxy) is not suitable for this purpose, because it makes certain modifications to the URL before passing it to the application.

For example, some characters are re-encoded into their hexadecimal equivalents.
Characters such as “#”, “&”, and “?” are transformed into “%23”, “%26”, and “%3F”, respectively.

This, in turn, makes it quite complicated to use applications such as Thumbor. Although in theory the nocanon keyword could help when using mod_proxy, unfortunately My Zone does not support this option.

The issue can be resolved by replacing mod_proxy with an Apache rewrite rule — for example, by adding the following Apache directive block:
RewriteCond "%{THE_REQUEST}" "^[A-Z]+\ /([^?\ ]+)/?"
RewriteRule "^/(.*)" "http://127.0.157.196:8888/%1" [P,NE]

127.0.157.196 and 8888 must be replaced with the correct values (you can find the correct loopback IP address either in the My Zone control panel under Webhosting → System information, or by running the command vs-loopback-ip -4 in the shell).

The NE flag in the Rewrite rule ensures that no modifications are made to the URL or parameters passed to the application.
https://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_ne

Security Warning!

Using the [NE] (No Escape) flag can pose a security risk if requests are redirected to an unknown or public service. Use the [NE] flag only when proxying to an internal, trusted service, and make sure that the backend validates URLs and does not interpret them as command-line arguments or file paths.

RewriteCond explained

RewriteCond "%{THE_REQUEST}" "^[A-Z]+\ /([^?\ ]+)/?"

This is the condition under which the rule is applied.
Here, a special variable %{THE_REQUEST}, is used — it contains the browser’s original HTTP request line, for example:
GET /images/foo.jpg?size=large HTTP/1.1

Explanation of the regular expression(regexp) ^[A-Z]+\ /([^?\ ]+)/?:

  • ^[A-Z]+ — matches the HTTP method (e.g GET, POST, HEAD etc)

  • \ / — a space followed by a slash (the way every URL begins)

  • ([^?\ ]+) — captures all characters up to the first ? (query parameters) or space.
    In other words, it captures only the “clean path” part of the URL, without the query string.

  • /? — allows for one optional trailing slash at the end.

This “captured” part is stored as group %1, which can later be used inside a RewriteRule.

Updated on 6. Nov 2025
Tagged:
Was this article helpful?
Yes No

Related Articles