AH10411 Rewrite Control Characters

A vulnerablity (CVE-2023-25690) found within Apache httpd means that some Rewrite rules could be broken, highlighted by this error in the log:

AH10411: Rewritten query string contains control characters or spaces

The error is self-explanatory, there is control characters or spaces present in the query string which is used within the Rewrite, these characters will be rejected.

You can add a flag to your Rewrite to ensure the characters are escaped.

https://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_bctls [BCTLS]

And this PoC provides useful information as to the risk:

https://github.com/dhmosfunk/CVE-2023-25690-POC