Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Jason_Keating's avatar
Jason_Keating
Icon for Altostratus rankAltostratus
8 years ago

HTTP::uri decodes encoded chars by default, and I don't see an option to stop it

I am doing simple HTTP to HTTPS redirects, I can't use a policy and need to use an iRule to do this.   My problem is some of the URI's contain encoded chars - in particular an encoded /. When I th...
application delivery
LTM
stan_piron's avatar
stan_piron
Icon for Cumulonimbus rankCumulonimbus
8 years ago

Hi,

I don't understand what is the issue.

I tested your URI with the default 

_sys_https_redirect
irule which redirect http to https and here is the result:

$ curl http://company.local/0%2F101%2F0%2F1/621be240-355e-4f75-b96a-e4116d195fd4 -vv
*   Trying 1.1.1.1...
* Connected to company.local (1.1.1.1) port 80 (0)
> GET /0%2F101%2F0%2F1/621be240-355e-4f75-b96a-e4116d195fd4 HTTP/1.1
> Host: company.local
> User-Agent: curl/7.43.0
> Accept: */*
> 
* HTTP 1.0, assume close after body
< HTTP/1.0 302 Found
< Location: https://company.local/0%2F101%2F0%2F1/621be240-355e-4f75-b96a-e4116d195fd4
< Server: BigIP
* HTTP/1.0 connection set to keep alive!
< Connection: Keep-Alive
< Content-Length: 0
< 
* Connection 0 to host company.local left intact

The redirect keep all encoded characters and did not decode them.