Last modified: 2014-05-10 11:41:34 UTC
The .htaccess file installed in the images directory to address Bug 23285 includes the line: RewriteCond %{QUERY_STRING} \.[^\\/:*?\x22<>|%]+(#|\?|$) [nocase] However, the # sign in the regex indicates that the remainder of the line should be treated as a comment. The line should be corrected, by escaping the # sign as follows: RewriteCond %{QUERY_STRING} \.[^\\/:*?\x22<>|%]+(\#|\?|$) [nocase]
(In reply to comment #0) > The .htaccess file installed in the images directory to address Bug 23285 > includes the line: > > RewriteCond %{QUERY_STRING} \.[^\\/:*?\x22<>|%]+(#|\?|$) [nocase] > > However, the # sign in the regex indicates that the remainder of the line > should be treated as a comment. > > The line should be corrected, by escaping the # sign as follows: > > RewriteCond %{QUERY_STRING} \.[^\\/:*?\x22<>|%]+(\#|\?|$) [nocase] I think you mean another bug. bug 23285 is about login issues
The correct bug is bug 28235.
The # doesn't need to be scaped there. Using this partial URL as example: /images/asdad?sadsd.asass I've edited the .htaccess changing the condition (since apparently I wasn't able to trigger the forbidden error with the current line using a "#" in the URL: RewriteCond %{QUERY_STRING} \.[^\\/:*?\x22<>|%]+(#|b)ss [nocase] Result: 404 RewriteCond %{QUERY_STRING} \.[^\\/:*?\x22<>|%]+(#|a|b)ss [nocase] Result: 403 So basically, the # works without escaping