Apache update causes Drupal URLs with spaces and other special characters to fail

[neilt1700]

A recent update to Apache (2.4.52) will cause URLs with spaces and other special characters to fail. For example:
Go to https://example.com/search
Search for "this and that"
This will take you to: https://example.com/search/node/this and that
and a 403 Forbidden message

Adding a "B" flag to rewrite rules in the .htaccess file in the top directory of Drupal 6 fixes this:
From:
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
To:
RewriteRule ^(.*)$ index.php?q=$1 [B,L,QSA]

See: https://stackoverflow.com/questions/75684314/ah10411-error-managing-spaces-and-20-in-apache-mod-rewrite

[amorsent]

Cross referencing my pull request for this issue.
#79

[JPustkuchen]

Just ran into this, but can't confirm adding the B solves this entirely.

A big issue with this are "?destination=XXX?Y" URLs.
The parameters from the destination URLs are also escaped and lead to broken 403 URLs.

Logs still say:

AH: Unsafe URL with %3f URL rewritten without UnsafeAllow3F, referer: https://www.example.com/test123?ref_nid=366472

I wasn't able to find a fully working workaround yet.
For plesk users this is also documented here: https://support.plesk.com/hc/en-us/articles/13302819141783-Domain-in-Plesk-shows-error-403-rewritten-query-string-contains-control-characters-or-spaces
But switching to FastCGI also didn't solve it for me.

[JPustkuchen]

Update: #79 seems to be the only real solution. Thank you @amorsent! Maybe someone should ping @dsnopek?

[JPustkuchen]

Update 2: As a super hacky and risky emergency fix you may use: RewriteRule ^(.*)$ index.php?q=$1 [L,QSA,B,UnsafeAllow3F]
But please note you're putting your project on security risk!

Just saw the Typo3 community is hardly hit by this Apache fix.