Apache behaves correctly (in principle). From RFC 2396 section 3.3: 'The path may consist of a sequence of path segments separated by a single slash "/" character. Within a path segment, the characters "/", ";", "=", and "?" are reserved.'  This means '&' is a reserved character only in the query part after the '?', but not before the '?' in the path part of the URL. I am not sure how this helps you, though ;-). But I guess if you take something from the path part and put it into the query part, you have to escape everything that is reserved in the query part but not in the path part (i.e. ":", "@", "&", "+", ",", "=", and "$"). Cheers, Stefan  The RFC seems to be inconsistent, it is not clear whether "=" is reserved in the path part or not.
Description: PGP signature