Problem

Trying to link a Confluence page to a JIRA issue (or to any other application) where the Confluence page contains a special character (eg ':') fails with the error : "No Confluence page found with the given URL".

Steps to reproduce :

• Navigate to JIRA issue > More > Link > Confluence page
• Search for a Confluence page with a special character. For example ':'
• The page is searchable but when clicking on "Link" the following error is displayed.

Diagnosis

Environment

• JIRA and Confluence are hosted behind the reverse proxy.

Diagnostic Steps

• Issue is not reproducible after bypassing the proxy
• With proxy, looking closer, there is also a difference in the url displayed in Confluence from the one displayed in JIRA for the same page.
  • In JIRA : User is able to see the URL : https://xxxx.com/confluence/display/AAA/AAAA+2015%3A+Q2
  • In Confluence : The URL generated on mouse hover on the PAGE TREE is : https://xxxx.com/confluence/display/AAA/AAAA+2015:+Q2

• The following error is displayed in Confluence logs: 

  2017-03-01 09:33:17,977 WARN [http-nio-8082-exec-23] [oauth.serviceprovider.internal.AuthenticatorImpl] logOAuthProblem Problem encountered authenticating OAuth client for url "https://xxxx.com/confluence/display/AAA/AAAA+2015:+Q2", error was "signature_invalid", with parameters "{oauth_problem=signature_invalid, oauth_signature=xOAIBqODL66ZOHlTHYCnf5Uh0HWCF1FLPujjblWUVAfs6u3V4V3qQwNxUg6JddNQDFbBLqKYfonwIfI1Sp9RRqtbhDsdhJC3kTSC2++b5oUja1BJ59YrnyAhxP/OBJT9ePcru3V9C8P9Pq9tVIKX7HJaTQKeU3DSqWDo1ZvSZB8=, oauth_signature_base_string=GET&https%3A%2F%2Fxxx.com%2Fconfluence%2Fdisplay%2FBPP%2FTest%2BConfluence%2BLinking%2Bwith%2B%3A%2BJira%2BIssues&oauth_consumer_key%3Djira%253A11124560%26oauth_nonce%3D44427251144970311%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1488360797%26oauth_token%3D%26oauth_version%3D1.0%26xoauth_requestor_id%3Ddkum83, oauth_signature_method=RSA-SHA1}"

Cause

When JIRA searches for the page, Confluence is sending the url with '%3A' to JIRA. However at the time of adding the page link, JIRA proxy is encoding '%3A' to ':' and sending it back to Confluence. At this moment, Confluence sees that the request url was modified and hence fails with the 'signature_invalid' error. 
This same problem does not arise when you manually change the url to add the colon ':' in the url. This is because proxy does not interfere with this url at this point. So Confluence receives this url as is. So the link is approved.

Workaround

• Replace %3A to use colon (:) in JIRA right before pressing "Link"
  
  
  

Resolution

 We are taking Apache httpd as an example here : 

Use the 'nocanon' parameter in the proxy configuration as it suppresses the special character conversion in the url.

Reference : https://httpd.apache.org/docs/2.4/mod/mod_proxy.html

The optional nocanon keyword suppresses this and passes the URL path "raw" to the backend. Note that this keyword may affect the security of your backend, as it removes the normal limited protection against URL-based attacks provided by the proxy.

Description:	Maps remote servers into the local server URL-space
Syntax:	ProxyPass [path] !|url [key=value [key=value ...]] [nocanon] [interpolate] [noquery

ProxyPass               /jira     http://127.0.0.1:8080/jira nocanon

Context : https://www.silverdisc.co.uk//blog/2009/02/28/url-canonicalisation-and-normalisation

Example of a Url proxied by httpd : 

Without using nocanon  : http://xxxxx/jira/browse/DRX-1+:

Using nocanon  : http://xxxxx//jira/browse/DRX-1+%3A