Pages with special characters are not accessible via reverse proxy

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

(warning)  Atlassian applications allow the use of reverse-proxies within our products, however Atlassian Support does not provide assistance for configuring them. Consequently, Atlassian can not guarantee providing any support for them.

If assistance with configuration is required, please raise a question on Atlassian Answers.


Problem

Opening a page with a title that contains special characters leads to a system error.  For example: [ABC] Hello

The following appears on the screen as well as in  atlassian-confluence.log

Caused by: java.net.URISyntaxException: Illegal character in path at index 14: /display/<SPACEKEY>/[ABC]+HELLO
	at java.net.URI$Parser.fail(URI.java:2848)
	at java.net.URI$Parser.checkChars(URI.java:3021)
	at java.net.URI$Parser.parseHierarchical(URI.java:3105)
	at java.net.URI$Parser.parse(URI.java:3063)
	at java.net.URI.<init>(URI.java:588)
	at com.github.kristofa.brave.servlet.ServletHttpServerRequest.getUri(ServletHttpServerRequest.java:25)
	... 49 more

Diagnosis

Environment

Confluence is configured with an Apache Reverse Proxy, an Apache Reverse Proxy Using the AJP Protocol OR NGINX.

Cause

While the handling of special characters in the page title worked for the proxy configuration while running Confluence 5.8.x, the same configuration no longer works in version 5.10.x or higher.

Workaround

Apache Reverse Proxy Using the AJP Protocol

In the httpd.conf.local file, the following JkOption will most likely be present:

JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories


The +ForwardURICompat parameter needs to be changed for Confluence 5.10.x  to +ForwardURICompatUnparsed.  For example:

JkOptions +ForwardKeySize +ForwardURICompatUnparsed -ForwardDirectories


Apache Reverse Proxy

For an Apache reverse proxy, ensure that the following is present:

ProxyPass /confluence http://localhost:8090/confluence nocanon


NGINX

For NGINX, simply edit the nginx.conf file by adding $request_uri; to the proxy_pass directive (as long as the location and context path are the same).  For example: 

location /<context-path> {

    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 

proxy_pass http://<base-url>/<context-path>$request_uri;
}

If this doesn't work or returns an error (we've seen some users receive 502 errors with the above change), then please use the following:

location /<context-path> {

    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
 
if ($request_uri ~* "/<context-path>(/.*)") { 
	proxy_pass http://<base-url>/<context-path>$1; break; 
}

proxy_pass http://<base-url>/<context-path>;
}

In all cases, the proxy will need to be restarted to pick up these changes.


(warning) Note

Caveat: When the same Nginx is used by Jira, this configuration will affect Jira's configuration for the OAuth2 - Configure an outgoing link as the format of the Request is <Jira base URL>/rest/oauth2-client/latest/config/get-redirect-uri/?authorizationEndpoint=https://login.microsoftonline.com/common/oauth2/v2.0/authorize


Last modified on Dec 27, 2022

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.