Just got this when I tried to add a specific permission for ffxbld in Balrog prod: The requested URL /users/ffxbld/permissions//releases/:name/builds/:platform/:locale was not found on this server. I'm suspecting something is broken in the routing.
Component: Tools → Balrog: Backend
QA Contact: hwine → bhearsum
I was able to reproduce this locally and discovered this: [Wed Jan 08 15:45:08.086283 2014] [core:info] [pid 4121] [client 127.0.0.1:43758] AH00026: found %2f (encoded '/') in URI (decoded='/users/stage/permissions//releases/:name/builds/:platform/:locale'), returning 404, referer: http://localhost/user_permissions.html?username=stage After some googling, I found that setting AllowEncodedSlashes to On or NoDecode fixes the issue.
And from the Apache docs: "If encoded slashes are needed in path info, use of NoDecode is strongly recommended as a security measure. Allowing slashes to be decoded could potentially allow unsafe paths." - so we should be using NoDecode. IT, can we get "AllowEncodedSlashes NoDecode" set for all of the aus4 admin apps (dev, stage, prod).
Component: Balrog: Backend → WebOps: Product Delivery
Product: Release Engineering → Infrastructure & Operations
QA Contact: bhearsum → nmaul
Version: unspecified → other
Whoops, this probably shouldn't be assigned to me anymore...
Assignee: bhearsum → server-ops-webops
Any idea when someone can get to this?
Assignee: server-ops-webops → bburton
Unfortunately we can't use NoDecode because it only ships in 2.2.18  or newer and RHEL 6 httpd is 2.2.15 with backported security patches  http://httpd.apache.org/docs/2.2/mod/core.html#allowencodedslashes Should I set it with just "AllowEncodedSlashes On"?
(In reply to Brandon Burton [:solarce] from comment #5) > Unfortunately we can't use NoDecode because it only ships in 2.2.18  or > newer and RHEL 6 httpd is 2.2.15 with backported security patches > >  http://httpd.apache.org/docs/2.2/mod/core.html#allowencodedslashes > > Should I set it with just "AllowEncodedSlashes On"? That sounds fine to me.
Shipped to dev, stage, and prod via Puppet
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Verified - thanks!
Status: RESOLVED → VERIFIED
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.