I stumbled upon this by accident when mistyping the URL for a web page in my web browser.
Why does visiting
http://example.com/% cause an HTTP 400 Bad Request error to be thrown? Is the server expecting something else after or before the percent sign?
It seems to happen for Apache and Nginx servers.
- (Server: cloudflare-nginx) http://superuser.com/%
- (Server: Apache) http://mozilla.org/%
As per RFC 3986, a bare
% character is not a valid URI syntax; it should be followed by two meaningful hexadecimal digits.
The HTTP status code you got belongs to the
4xx: Client Error - The request contains bad syntax or cannot be fulfilled
Source: Hypertext Transfer Protocol (HTTP) Status Code Registry
In particular, code
400 is defined by the Internet Engineering Task Force (IETF) in RFC 2616:
10.4.1 400 Bad Request
The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.
Source: RFC 2616 - Hypertext Transfer Protocol -- HTTP/1.1
Quoting Wikipedia (bold emphasis mine):
The characters allowed in a URI are either reserved or unreserved (or a percent character as part of a percent-encoding).
Source: Percent-encoding - Percent-encoding in a URI
If you want to insert a literal
% symbol, you need to use its percent-encoded representation:
List of HTTP status codes
The percent sign is for inserting a character that is normally not supported in the url. For example %20 is the same as a space.