Why does the percent sign in a URL cause an HTTP 400 Bad Request error?

I stumbled upon this by accident when mistyping the URL for a web page in my web browser.

Why does visiting http://example.com/% cause an HTTP 400 Bad Request error to be thrown? Is the server expecting something else after or before the percent sign?

It seems to happen for Apache and Nginx servers.

  • (Server: cloudflare-nginx) http://superuser.com/%

    Why does the percent sign in a URL cause an HTTP 400 Bad Request error?

  • (Server: Apache) http://mozilla.org/%

    Why does the percent sign in a URL cause an HTTP 400 Bad Request error?

Replay

Short answer

As per RFC 3986, a bare % character is not a valid URI syntax; it should be followed by two meaningful hexadecimal digits.

Long answer

The HTTP status code you got belongs to the 4xx class:

4xx: Client Error - The request contains bad syntax or cannot be fulfilled

Source: Hypertext Transfer Protocol (HTTP) Status Code Registry

In particular, code 400 is defined by the Internet Engineering Task Force (IETF) in RFC 2616:

10.4.1 400 Bad Request

The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.

Source: RFC 2616 - Hypertext Transfer Protocol -- HTTP/1.1

Quoting Wikipedia (bold emphasis mine):

The characters allowed in a URI are either reserved or unreserved (or a percent character as part of a percent-encoding).

Source: Percent-encoding - Percent-encoding in a URI

If you want to insert a literal % symbol, you need to use its percent-encoded representation: %25.

Further reading

  • List of HTTP status codes
  • Percent-encoding

The percent sign is for inserting a character that is normally not supported in the url. For example %20 is the same as a space.

Category: apache Time: 2014-05-28 Views: 10

Related post

iOS development

Android development

Python development

JAVA development

Development language

PHP development

Ruby development

search

Front-end development

Database

development tools

Open Platform

Javascript development

.NET development

cloud computing

server

Copyright (C) avrocks.com, All Rights Reserved.

processed in 0.258 (s). 12 q(s)