@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Configuration Guide: Set UnsafeAllow3F for Apache RewriteRule

Summary:
Since Apache HTTP Server 2.4.61 including https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/mappers/mod_rewrite.c?r1=1918560&r2=1918561&pathrev=1918561&diff_format=h due to https://www.cve.org/CVERecord?id=CVE-2024-38474, URIs including %3F throw an HTTP 403 error and the following error log entry:

`AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F`

Update the corresponding RewriteRule in the Phorge configuration guide to explicitly set UnsafeAllow3F.

https://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_unsafe_allow_3f

Closes T15889

Test Plan: Run Apache HTTP Server 2.4.61, go to https://phorge.localhost/maniphest/task/edit/form/default/?title=%3f and get an HTTP 403 (before) or a "?" as task title (after).

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15889

Differential Revision: https://we.phorge.it/D25739
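
An added example, not part of the commit or of Phorge: a small audit that finds `RewriteRule` lines whose substitution contains `?` but lack `UnsafeAllow3F` (the condition described in the linked flag documentation) and counts `AH10508` entries in an error log. The function names, the sample config and the sample log lines are constructed for illustration.

```python
import re

# RewriteRule <pattern> <substitution> [flags]; quoted arguments containing
# spaces are not handled by this simplified matcher.
RULE_RE = re.compile(
    r"^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$", re.IGNORECASE
)

def audit_rewrite_rules(config_text):
    """Return (line_no, rule) for every rule that puts '?' in its
    substitution without carrying the UnsafeAllow3F flag."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        match = RULE_RE.match(line)
        if not match:
            continue
        substitution, flags = match.group(2), match.group(3) or ""
        # Flags are case-insensitive and may carry values (e.g. R=301).
        names = {f.strip().split("=")[0].lower() for f in flags.split(",")}
        if "?" in substitution and "unsafeallow3f" not in names:
            findings.append((line_no, line.strip()))
    return findings

def count_ah10508(log_text):
    """Count error-log lines that carry the AH10508 message code."""
    return sum(1 for line in log_text.splitlines() if "AH10508:" in line)

# Constructed sample input: the guide's rule before and after the change.
BEFORE = """\
DocumentRoot /path/to/phorge/webroot
RewriteEngine on
RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA]
"""
AFTER = BEFORE.replace("[B,L,QSA]", "[B,L,QSA,UnsafeAllow3F]")

# Constructed log lines; only the AH10508 message text comes from the page.
SAMPLE_LOG = """\
[constructed timestamp] [client 192.0.2.10] AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F
[constructed timestamp] [client 192.0.2.10] File does not exist: /favicon.ico
"""

if __name__ == "__main__":
    for line_no, rule in audit_rewrite_rules(BEFORE):
        print(f"line {line_no}: missing UnsafeAllow3F: {rule}")
    print("AH10508 entries:", count_ah10508(SAMPLE_LOG))
```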

+1 -1
src/docs/user/configuration/configuration_guide.diviner
··· 49 49 DocumentRoot /path/to/phorge/webroot 50 50 51 51 RewriteEngine on 52 - RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA] 52 + RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA,UnsafeAllow3F] 53 53 </VirtualHost> 54 54 55 55 If Apache isn't currently configured to serve documents out of the directory
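
Review bot: the new `UnsafeAllow3F` flag on the `RewriteRule ^(.*)$ /index.php?__path__=$1` line lands in the guide with no accompanying explanation, so a reader copying the snippet sees a flag named "Unsafe" without knowing why it is there. Suggest adding a sentence next to the VirtualHost example saying the flag is needed so that requests containing %3F are not rejected with AH10508, and stating from which Apache version the flag applies. The summary ties the behaviour to 2.4.61, and an administrator on an older httpd needs to know whether to keep the previous `[B,L,QSA]` form.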