dongya8378
dongya8378
2019-02-02 21:42

有没有办法在网址中允许不安全的字符?

I've been trying to upgrade a old Game Server Api that sends requests using special non safe characters such as 0x20 and 0x08

Request sent from the application

Answer from apache after the request

What I've trying doing is changing the .htaccess to get those special characters and replace then to their %hex as any other browser would do.

RewriteRule ^(.*)\x08(.*)$ $1%08$2 [B]
RewriteRule ^(.*)\x20(.*)$ $1%20$2 [B]

I've also added the following option to my apache2.conf

HttpProtocolOptions unsafe

One way that it works is using IIS to host the php and using Windows Registry Editor to force IIS to allow unescaped characters.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]
"DisableServerHeader"=dword:00000001
"AllowUnEscapedRestrictedChars"=dword:00000001
"AllowWeakHeaderValueSyntax"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\Synchronize]

But then using that I can't run the main API in a Linux based machine - which is the goal for this project. I would like to know if someone already came across with this issue. I want to be able to request unsafe characters on urls without crashing. They must be unescaped in the url because the data source sends the special characters as unescaped

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

相关推荐