summaryrefslogtreecommitdiffstats
path: root/docs/manual/rewrite/flags.html.en
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-07-01 17:06:34 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-07-01 17:06:34 +0000
commitc9ddc2c74812bbc4a0f6103c09b784b711e5efc9 (patch)
treefe079796693183f809915a925bd50ca1af019d9e /docs/manual/rewrite/flags.html.en
parentAdding upstream version 2.4.59. (diff)
downloadapache2-c9ddc2c74812bbc4a0f6103c09b784b711e5efc9.tar.xz
apache2-c9ddc2c74812bbc4a0f6103c09b784b711e5efc9.zip
Adding upstream version 2.4.60.upstream/2.4.60
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'docs/manual/rewrite/flags.html.en')
-rw-r--r--docs/manual/rewrite/flags.html.en19
1 files changed, 18 insertions, 1 deletions
diff --git a/docs/manual/rewrite/flags.html.en b/docs/manual/rewrite/flags.html.en
index bfb5656..604e278 100644
--- a/docs/manual/rewrite/flags.html.en
+++ b/docs/manual/rewrite/flags.html.en
@@ -57,6 +57,8 @@ providing detailed explanations and examples.</p>
<li><img alt="" src="../images/down.gif" /> <a href="#flag_r">R|redirect</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#flag_s">S|skip</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#flag_t">T|type</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#flag_unsafe_allow_3f">UnsafeAllow3F</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#flag_unsafe_prefix_status">UnsafePrefixStat</a></li>
</ul><h3>See also</h3><ul class="seealso"><li><a href="../mod/mod_rewrite.html">Module documentation</a></li><li><a href="intro.html">mod_rewrite introduction</a></li><li><a href="remapping.html">Redirection and remapping</a></li><li><a href="access.html">Controlling access</a></li><li><a href="vhosts.html">Virtual hosts</a></li><li><a href="proxy.html">Proxying</a></li><li><a href="rewritemap.html">Using RewriteMap</a></li><li><a href="advanced.html">Advanced techniques</a></li><li><a href="avoid.html">When not to use mod_rewrite</a></li><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
@@ -820,7 +822,22 @@ otherwise the MIME-type set with this flag is lost due to an internal
re-processing (including subsequent rounds of mod_rewrite processing).
The <code>L</code> flag can be useful in this context to end the
<em>current</em> round of mod_rewrite processing.</p>
-
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="flag_unsafe_allow_3f" id="flag_unsafe_allow_3f">UnsafeAllow3F</a></h2>
+ <p> Setting this flag is required to allow a rewrite to continue If the
+ HTTP request being written has an encoded question mark, '%3f', and the
+ rewritten result has a '?' in the substiution. This protects from a malicious
+ URL taking advantage of a capture and re-substitution of the encoded
+ question mark.</p>
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="flag_unsafe_prefix_status" id="flag_unsafe_prefix_status">UnsafePrefixStat</a></h2>
+ <p> Setting this flag is required in server-scoped substitutions
+ start with a variable or backreference and resolve to a filesystem path.
+ These substitutions are not prefixed with the document root.
+ This protects from a malicious URL causing the expanded substitution to
+ map to an unexpected filesystem location.</p>
</div></div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/rewrite/flags.html" title="English">&nbsp;en&nbsp;</a> |