I've two Apache servers running PHP. One accepts forward-slashes within the query string and passes it along to PHP within the expected way, for instance:

http://server/index.php?url=http://foo.bar

works as well as in PHP this expression holds true:

$_REQUEST['url'] == "http://foo.bar"

However, within the other Apache server, exactly the same URL produces a 403 Forbidden error! Observe that when the query string is correctly URL-steered clear of (i.e. with %2F rather than forward-slash), then everything works.

Clearly there's some difference within the Apache or PHP configuration that triggers this, however i can't evaluate which!

I wish to accept this type of URL in the two cases, not reject it.

http://server/index.php?url=http://foo.bar isn't a valid url. You need to scribe the slashes. I believe browsers do that automagically, so perhaps you had been testing with various browsers?

Or possibly it is the AllowEncodedSlashes setting?

Inside your Apache config:

AllowEncodedSlashes On

Begin to see the documentation to learn more: http://httpd.apache.org/paperwork/2.2/mod/core.html#allowencodedslashes

Edit: Hmm, this might be what you have working... I'd this same issue, and what wound up fixing it for me personally ended up being to only use $_SERVER['REQUEST_URI'] as which had the information I desired.

Have you got mod_security installed? Check this out thread:

403 Forbidden on PHP page known as with url encoded inside a $_GET parameter

This seems like another situation of default miracle_quotes_gpc. Around the server leading to problems look into the php.ini and make certain that

miracle_quotes_gpc = Off

You do not specify what PHP does with this particular url. Will it redirect for this page or attempt to see clearly?

There's most likely some mod_rewrite rule to get rid of double slashes, or to many other purpose, which attempts to redirect this to somewhere it shouldn't.

Perhaps a regex without ^ before http://

Observe that when the query string is correctly URL-steered clear of (i.e. with %2F rather than forward-slash), then everything works.

Therefore it works once the query string is correctly formatted and does not work if this is not. What is the problem?