
AH10411: Rewritten query string contains control characters or spaces

After CVE-2023-25690 (CVSS score 9.8), a vulnerability discovered in the Apache web server software, was patched, some rewrite rules may have stopped working and now produce the error:

AH10411: Rewritten query string contains control characters or spaces

This usually happens when the requested URL contains a space (%20).

To solve the problem, add the BCTLS flag to the flags at the end of the RewriteRule.

If, for example, the following rewrite rule is currently in use:

RewriteRule ^([^?]*) index.php?route=$1 [L,QSA]

Then this rule should be changed to:

RewriteRule ^([^?]*) index.php?route=$1 [BCTLS,L,QSA]

If the RewriteRule line has no square brackets at the end, add the BCTLS flag to the end of the line in square brackets: [BCTLS]

NB! Since the security vulnerability is mainly related to proxy requests (a RewriteRule with the P flag), there is no point in adding the [BCTLS] flag to RewriteRule lines that do not generate errors.
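The two cases described above (flags already present, or no square brackets at all), as an added example that is not part of the original article or of Apache: a small Python helper that suggests the BCTLS edit for rules that copy a backreference into the query string and marks the ones that carry the P flag. It assumes unquoted RewriteRule arguments; the function names are hypothetical and every sample rule except the article's own is constructed.

```python
import re

# Assumes unquoted arguments: RewriteRule <pattern> <substitution> [flags]
RULE = re.compile(r'^(\s*RewriteRule\s+\S+\s+)(\S+)(?:\s+\[([^\]]*)\])?\s*$', re.I)
QS_BACKREF = re.compile(r'\?.*[$%]\d')  # backreference placed after the "?"


def parse_flags(flags):
    """Split "L,QSA" into ["L", "QSA"]; None (no brackets) gives []."""
    return [f.strip() for f in (flags or "").split(",") if f.strip()]


def add_bctls(line):
    """Return the line with BCTLS added, or unchanged if it does not apply."""
    m = RULE.match(line)
    if not m or not QS_BACKREF.search(m.group(2)):
        return line
    flags = parse_flags(m.group(3))
    names = {f.split("=")[0].upper() for f in flags}
    if names & {"B", "BCTLS"}:  # backreferences are already escaped
        return line
    return "%s%s [%s]" % (m.group(1), m.group(2), ",".join(["BCTLS"] + flags))


def audit(config_text):
    """List (line number, proxies?, suggested line) for each candidate rule."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        fixed = add_bctls(line)
        if fixed != line:
            names = {f.split("=")[0].upper() for f in parse_flags(RULE.match(line).group(3))}
            findings.append((no, bool(names & {"P", "PROXY"}), fixed))
    return findings


# Constructed sample .htaccess; only the first rule comes from the article.
SAMPLE = """\
RewriteEngine On
RewriteRule ^([^?]*) index.php?route=$1 [L,QSA]
RewriteRule ^item/(.*)$ view.php?id=$1
RewriteRule ^api/(.*)$ http://127.0.0.1:8080/api?path=$1 [P,L]
RewriteRule ^old$ /new [R=301,L]
RewriteRule ^s/(.*)$ search.php?q=$1 [BCTLS,L]
"""

if __name__ == "__main__":
    for no, proxied, fixed in audit(SAMPLE):
        print("line %d%s -> %s" % (no, " (proxy rule)" if proxied else "", fixed))
```

The output is a list of suggestions only; apply the change to the rules that actually log AH10411.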

Updated on 4. Apr 2024
