apache rest url mod-rewrite

URL encoded colon (%3A) resolves in 403


I'm hosting some rest APIs in an Apache server (a typical xampp package).

When I attack a resource with an HTTP method (whichever: put, post, get...) and the URL contains an encoded colon %3A, the server sometimes replies with a 403 error. It seems to depend on the folder structure of the server. If there's an existing folder and your URL attacks a resource that contains %3A in that folder, the server returns 403. When it doesn't contain %3A, it returns 404 like it should.

With a structure like this:

htdocs/apis/userContext
htdocs/apis/subscriptions

http://localhost/apis/userContext/users/tel%3A2032342349 Works (returns 404 not found, because users doesn't exist)
http://localhost/apis/userContext/tel%3A2032342349 Doesn't work (returns 403)
http://localhost/subscriptions/tel%3A2032342349 Doesn't work (returns 403)
http://localhost/nonexistingfolder/tel%3A2032342349 works (returns 404, because nonexistingfolder doesn't exist)

It's quite annoying since a lot of the values that are going to appear in the URLs are tel URIs and look like this:

tel:+34678678678

so please don't tell me not to use colons there because that's simply impossible. How could I fix this?


Solution

  • I was able to find only one valid piece of information about this (from October 2006) - here.

    Apparently, this error doesn't appear on Linux; it happens on Windows platforms. According to the source, a short name followed by a colon (:) could be interpreted as a drive name (why that is, and why file:// doesn't denote that, I don't know).

    I had to solve this issue, but I could set the links myself (don't know if you have the luxury). My solution was to:

    • replace colons in the URI with a character of choice (I chose the underscore) - urlencode($uri) → urlencode(strtr($uri, ":", "_"))
    • search for those URIs after applying the same replacement - SELECT ... FROM ... WHERE uri = REPLACE(@@uri, ":", "_")
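
The two steps of the workaround above, shown together as an added PHP example that is not part of the original answer. The names `uriToPathSegment`, `findByPathSegment` and `COLON_SUBSTITUTE` are hypothetical, the in-memory array stands in for the database table, and the check that rejects URIs already containing an underscore is an assumption added here so that two different URIs cannot map to the same path segment.

```php
<?php
// Added example: the colon-to-underscore workaround on both the
// link-building side and the lookup side.

const COLON_SUBSTITUTE = '_'; // the replacement character chosen in the answer

// Build the path segment for a URI such as "tel:+34678678678".
// The colon is swapped before encoding, so "%3A" never appears in the URL.
function uriToPathSegment(string $uri): string
{
    // Assumption: stored URIs never contain the substitute character.
    // Without this check "tel:1" and "tel_1" would share one segment.
    if (strpos($uri, COLON_SUBSTITUTE) !== false) {
        throw new InvalidArgumentException("URI already contains '_': $uri");
    }
    return urlencode(strtr($uri, ':', COLON_SUBSTITUTE));
}

// Resolve a still-encoded path segment by applying the same replacement
// to each stored URI and comparing, which is what the SQL REPLACE() in
// the answer does on the database side.
function findByPathSegment(string $segment, array $storedUris): ?string
{
    $wanted = urldecode($segment);
    foreach ($storedUris as $uri) {
        if (strtr($uri, ':', COLON_SUBSTITUTE) === $wanted) {
            return $uri; // hand back the original URI, colon included
        }
    }
    return null;
}

// Constructed sample data, not taken from the page's server.
$stored  = ['tel:+34678678678', 'tel:2032342349'];
$segment = uriToPathSegment('tel:+34678678678');

echo 'http://localhost/apis/userContext/users/' . $segment . PHP_EOL;
var_dump(findByPathSegment($segment, $stored));

// A URI that already contains the substitute is refused, not aliased.
try {
    uriToPathSegment('tel_2032342349');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . PHP_EOL;
}
```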