An escaped octet is encoded as a character triplet, consisting of the
percent character "%" followed by the two hexadecimal digits
representing the octet code. For example, "% 2 0" is the escaped
encoding for the US-ASCII space character.
Because the percent "%" character always has the reserved purpose of
being the escape indicator, it must be escaped as "% 2 5" in order to
be used as data within a URI. Implementers should be careful not to
escape or unescape the same string more than once, since unescaping
an already unescaped string might lead to misinterpreting a percent
data character as another escaped character, or vice versa in the
case of escaping an already escaped string.
That is quoted from
RFC 2396 - Uniform Resource Identifiers (URI): Generic Syntax
PS. Remove the spaces from the sequences in quotes above.
Only thing I can think of might be the mod_security checking for suspiciously encoded URI, unless you are getting the escaping wrong.
OK Found one of the URLs you must be having trouble with:
Yup, the escaping is wrong. The last parameter should be written as
Perl / MySQL / HTML CSS