From dc604e6abe1194b73fa75f1aa20f6ee89662b343 Mon Sep 17 00:00:00 2001
From: James Perry
Date: Mon, 22 Dec 2025 14:49:07 +0000
Subject: [PATCH] Make NoDecode the default setting for AllowEncodedSlashes
This removes the current RUCIO_HTTPD_ENCODED_SLASHES_NO_DECODE and RUCIO_HTTPD_ENCODED_SLASHES settings so that the Apache option AllowEncodedSlashes is always set to NoDecode. In most cases that I'm aware of, this change should be safe. The main reason we want it is so that we can use a simpler decoding method on the server to split a scope and name within a URL and get rid of some complex code. Without this option being enabled, we can't do that, because some experiments use names that start with a forward slash, and this gets merged with the separator slash by the web server. The main implication of enabling this setting is that any encoded slashes (i.e. %2F) in URLs will not be merged with adjacent slashes. I'm not aware of any cases where Rucio relies on this happening and this has been a supported option for some time, just not the default.
---
 server/rucio.conf.j2 | 4 ----
 ui/rucio.conf.j2 | 4 ----
 2 files changed, 8 deletions(-)
diff --git a/server/rucio.conf.j2 b/server/rucio.conf.j2
index 540c34c..184d71c 100644
--- a/server/rucio.conf.j2
+++ b/server/rucio.conf.j2
@@ -82,11 +82,7 @@ CacheRoot /tmp
 ErrorLog /dev/stderr
 {% endif %}
-{% if RUCIO_HTTPD_ENCODED_SLASHES_NO_DECODE|default('False') == 'True' %}
 AllowEncodedSlashes NoDecode
-{% elif RUCIO_HTTPD_ENCODED_SLASHES|default('False') == 'True' %}
- AllowEncodedSlashes on
-{% endif %}
 RewriteEngine on
 RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
diff --git a/ui/rucio.conf.j2 b/ui/rucio.conf.j2
index bb0f37f..348ba6c 100644
--- a/ui/rucio.conf.j2
+++ b/ui/rucio.conf.j2
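Review bot: In the server/rucio.conf.j2 hunk the directive becomes unconditional with nothing in the template recording what changed for existing deployments. One that still sets RUCIO_HTTPD_ENCODED_SLASHES=True silently moves from `AllowEncodedSlashes on` (Apache decodes %2F) to NoDecode, and one that set neither variable moves from Apache's default of refusing encoded slashes to passing them to the application undecoded. I would add a template comment above the directive, e.g. `{# AllowEncodedSlashes is fixed to NoDecode: %2F reaches the application undecoded; RUCIO_HTTPD_ENCODED_SLASHES and RUCIO_HTTPD_ENCODED_SLASHES_NO_DECODE are no longer read #}`, and the diffstat suggests any documentation of the two removed variables is not updated in this commit. Because the application now decodes %2F itself, path-based matching done in Apache (the rewrite rules that follow continue outside the hunk) sees the encoded form while the application sees the decoded one, which is worth confirming for any access-control rule. The same points apply to the ui/rucio.conf.j2 hunk.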
@@ -126,11 +126,7 @@ CacheRoot /tmp
 {% endif %}
 SSLVerifyClient optional
 SSLVerifyDepth 10
-{% if RUCIO_HTTPD_ENCODED_SLASHES_NO_DECODE|default('False') == 'True' %}
 AllowEncodedSlashes NoDecode
-{% elif RUCIO_HTTPD_ENCODED_SLASHES|default('False') == 'True' %}
- AllowEncodedSlashes on
-{% endif %}
 {% if RUCIO_HTTPD_LEGACY_DN|default('False') == 'True' %}
 SSLOptions +StdEnvVars +LegacyDNStringFormat
 {% else %}
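Review bot: If this virtual host forwards requests with ProxyPass (not visible in this hunk), NoDecode alone does not deliver an intact `%2F` to the backend, because mod_proxy canonicalises the path and re-encodes it as `%252F` unless the ProxyPass line carries `nocanon`. Now that the directive is unconditional in ui/rucio.conf.j2, each proxied path that can carry a scope/name segment should be checked for which encoding the backend actually receives. `nocanon` in turn removes the proxy's own path normalisation, so the backend must validate the raw path itself where it is used. The enclosing block starts and ends outside the hunk, so the presence of proxy rules is inferred rather than shown.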