uri-normalization

Official

Block path-encoding ACL bypasses reliably.

Author: Pandaala
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

URI/path normalization prevents security gaps where encoded or obfuscated path variants can slip past path-class ACL enforcement, especially via percent-encoding, double slashes, dot-segments, or path-parameter tricks.

Core Features & Use Cases

  • Dual-view URI model (entry vs current): preserves the client’s raw entry path for audit/deny semantics while using a normalized current view for routing and ACL decisions.
  • Always-on fixed normalization pipeline: applies a deterministic sequence (strip path parameters → percent-decode → merge slashes → remove dot-segments) to close traversal-style bypass vectors.
  • Rewrite-safe cache synchronization: when rewrite plugins update the upstream URI via set_upstream_uri, the skill refreshes the normalized current-view cache so $path/$uri and route/ACL reads stay consistent.
  • Security guarantee scope: provides explicit protection coverage and documents what is and is not guaranteed, including recommended high-security rejection settings.
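The fixed pipeline order and the entry/current split described above, as an added Python example (not the skill's own code). The names `UriView` and `acl_denies`, the `/admin` prefix, and the single percent-decoding pass are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote

@dataclass(frozen=True)
class UriView:
    entry: str    # raw path as sent by the client; kept for audit/deny logs
    current: str  # normalized path; the only view routing and ACLs read

def strip_path_params(path: str) -> str:
    # "/admin;x=1/users" -> "/admin/users"
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))

def remove_dot_segments(path: str) -> str:
    # Resolve "." and ".." without climbing above the root.
    out = []
    for seg in path.split("/"):
        if seg == "..":
            if out:
                out.pop()
        elif seg not in ("", "."):
            out.append(seg)
    trailing = "/" if out and path.endswith(("/", "/.", "/..")) else ""
    return "/" + "/".join(out) + trailing

def normalize(entry: str) -> UriView:
    # Fixed order from the feature list above.
    p = strip_path_params(entry)
    p = unquote(p)                 # assumption: one decoding pass
    p = re.sub(r"/{2,}", "/", p)   # merge repeated slashes
    p = remove_dot_segments(p)
    return UriView(entry=entry, current=p)

def acl_denies(view: UriView, prefix: str = "/admin") -> bool:
    # Hypothetical path-class ACL: deny the prefix on a segment boundary.
    return view.current == prefix or view.current.startswith(prefix + "/")

# Constructed sample requests, not taken from the page.
SAMPLES = ["/%61dmin/users", "//admin//users", "/public/../admin/",
           "/admin;v=1/users", "/public/%2e%2e/admin", "/public/docs"]

if __name__ == "__main__":
    for raw in SAMPLES:
        v = normalize(raw)
        print(f"entry={v.entry!r} current={v.current!r} deny={acl_denies(v)}")
```

Every variant except `/public/docs` collapses to a path under `/admin` in the current view, while `entry` still holds the exact bytes the client sent for the audit record.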

Quick Start

Ask an engineer to enable and rely on URI normalization for every request entry so that ACLs and route matching always evaluate the normalized current path while audit logs retain the original entry URI.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: uri-normalization
Download link: https://github.com/Pandaala/Edgion/archive/main.zip#uri-normalization

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.