[Fixed] Htaccess redirect to index.html including semicolons and urlencoded characters


I have an Angular application, so I want all traffic to be redirected to index.html so that Angular can take care of it.

Currently, I have the following htaccess:

<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteBase /
  RewriteRule ^index\.html$ - [L]
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^.*$ /index.html [L,NC,QSA,NE]

When I refresh a page, everything correctly refreshes, but some important pages use Angular’s ActivatedRoute.paramMap to pass state around, and URLs come to look like this:
If I refresh on those pages, I get a 404 error.
Note that normal navigation to those pages (e.g. by clicking links) works fine.
If I manually type a URL with correct parameters and data, I get a 404. However, the errors only seem to happen while there are encoded characters in the URL, such as the above %2F. If no encoded sequence is the URL, the behaviour is correct.

The desired output is that, when I refresh on a page with those kinds of URLs including URL-encoded characters, I don’t get a 404, but the correct page, including all the parameters with semicolons for Angular to parse.

I know close to nothing about Apache and htaccess, and what tips I could find for similar problems on SO and google didn’t help.


such as the above %2F

%2F (encoded slash) and %5C (encoded backslash) are special cases and by default Apache will throw a 404 if these encoded characters appear in the URL-path portion of the URL.

This is a "security" feature, since "allowing slashes to be decoded could potentially allow unsafe paths." (source)

To allow encoded slashes in the URL, but not decode them server-side, but allow the URL to be passed through, you can set the following in the server config or directly in the <VirtualHost> container (and restart Apache):

AllowEncodedSlashes NoDecode

The NoDecode option requires Apache 2.4. (On Apache 2.2 you would need to use On – but this also decodes slashes before being passed to the backend.)

UPDATE: This cannot be used in a .htaccess (or <Directory>) context.


Leave a Reply

(*) Required, Your email will not be published