
I am running Apache 2.2.15 as a reverse proxy in my DMZ. I have an application on the internal network that I make available on the Internet for staff to use by going through the reverse proxy.

As part of this application staff can see messages with PDF attachments. Internal staff (who don't have to go through the reverse proxy) can download these PDFs just fine. External staff can't.

This is what I see in the Apache logs on the application server.

172.20.0.9 - - [04/Dec/2014:08:48:21 +1300] "GET /application/home/getAttachment/MTE7Y3lzdGljIGZpYnJvc2lzLnBkZg%3D%3D HTTP/1.1" 200 88090
10.0.0.2 - - [04/Dec/2014:08:48:27 +1300] "GET /application/home/getAttachment/MTE7Y3lzdGljIGZpYnJvc2lzLnBkZg== HTTP/1.0" 400 -

The first request was from an internal user who successfully downloaded the PDF file. The second comes from the reverse proxy in the DMZ. Note how it has unescaped the "%3D%3D" at the end of the URL to "==".

There are a couple of things I'm doing in the reverse proxy. First, if someone tries to go to the root directory, a Rewrite rule sends them to the application directory.

  <IfModule mod_rewrite.c>
   RewriteEngine on
   RewriteRule ^/$ /application/ [NE,R]
  </IfModule>

The other relevant part of the config is the reverse proxy part.

  <IfModule mod_proxy.c>
   RequestHeader set Front-End-Https "On"
   SSLProxyEngine on
   SetEnv force-proxy-request-1.0 1
   SetEnv proxy-nokeepalive 1
   SetEnv proxy-initial-not-pooled 1

   # Reverse Proxy
   ProxyPass /application https://server.internal.lan/application
   ProxyPassReverse /application https://server.internal.lan/application
  </IfModule>

Can anyone tell me how to stop unescaping those URLs?

Thanks

David

1 Answer


The [NE] flag in your rewrite rule is setting it to No Escape. Try changing it to [B] to escape back references.

  • Hi Michael. Thanks for the reply. I made that change and restarted apache, but it doesn't seem to have made a difference. Fortunately the application developer got me to modify a php config file and made "=" allowable in the url. I hope it isn't going to cause any security problems. – Random Guy on the Internet Dec 17 '14 at 20:01
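An added configuration example, not from the question or the answer above. The decoding is done by mod_proxy itself: before forwarding, it canonicalises the request path, decoding %XX sequences and re-encoding only characters outside its allowed set for path segments, and "=" is in that allowed set, so "%3D%3D" leaves the proxy as "==". The rewrite rule plays no part, because it only matches the bare "/" path; neither [NE] nor [B] on that rule ever touches the attachment URL. (The HTTP/1.0 in the second log line is just the force-proxy-request-1.0 setting.) ProxyPass accepts a `nocanon` keyword that forwards the path as received. The hostname server.internal.lan and the existing directives are taken from the question; the rest is assumed for illustration.

```apache
<IfModule mod_proxy.c>
  # Reverse proxy only: never let this host act as a forward proxy.
  # (Off is the default, but stating it guards against a later ProxyRequests On.)
  ProxyRequests Off

  RequestHeader set Front-End-Https "On"
  SSLProxyEngine on
  SetEnv force-proxy-request-1.0 1
  SetEnv proxy-nokeepalive 1
  SetEnv proxy-initial-not-pooled 1

  # Original (problem): mod_proxy canonicalises the path before forwarding,
  # so the back end receives ".../MTE7Y3lzdGljIGZpYnJvc2lzLnBkZg==" and
  # answers 400, as in the second log line of the question.
  #ProxyPass        /application https://server.internal.lan/application
  #ProxyPassReverse /application https://server.internal.lan/application

  # Fixed: "nocanon" forwards the path exactly as the client sent it, so the
  # back end sees "%3D%3D", the same bytes an internal user's browser sends.
  ProxyPass        /application https://server.internal.lan/application nocanon
  ProxyPassReverse /application https://server.internal.lan/application

  # Caveat: nocanon also removes the proxy's normalisation of the path, so the
  # proxy no longer collapses "../" or rejects odd encodings on the way through.
  # The back end must do its own path validation; the proxy prefix above is
  # the only thing still limiting which internal URLs are reachable.
</IfModule>
```

To confirm the change, request the same attachment URL through the proxy and compare the application server's access log: after the `nocanon` edit the proxied line should show `%3D%3D` and a 200, matching the internal user's request rather than the 400 seen before. Allowing a literal "=" in the application's URL handling, as the comment describes, also works but widens what the back end accepts for every caller, not just the proxied ones.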