https://issues.apache.org/bugzilla/show_bug.cgi?id=52774

--- modules/mappers/mod_rewrite.c	Mon Aug 20 10:22:53 2012
+++ modules/mappers/mod_rewrite.c	Tue Sep 18 04:02:33 2012
@@ -4319,14 +4319,29 @@
     /* Unless the anyuri option is set, ensure that the input to the
      * first rule really is a URL-path, avoiding security issues with
      * poorly configured rules.  See CVE-2011-3368, CVE-2011-4317. */
+    /*
+     * We believe that URI starting with "http://" is valid and thus we fork
+     * here little bit from upstream. I'm intentionally not optimizing
+     * following if statement to keep changes against upstream clear.
+     * See also: https://issues.apache.org/bugzilla/show_bug.cgi?id=52774
+     */
     if ((dconf->options & OPTION_ANYURI) == 0
         && ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
-            || !r->uri || r->uri[0] != '/')) {
+            || !r->uri)) {
         rewritelog((r, 8, NULL, "Declining, request-URI '%s' is not a URL-path. "
                     "Consult the manual entry for the RewriteOptions directive "
                     "for options and caveats about matching other strings.",
                     r->uri));
         return DECLINED;
+    } else if ((dconf->options & OPTION_ANYURI) == 0 && r->uri[0] != '/') {
+        if (strncmp(r->uri, "http://" , 7) != 0 && 
+            strncmp(r->uri, "https://", 8 )!= 0) {
+              rewritelog((r, 8, NULL, "Declining, request-URI '%s' is not a URL-path. "
+                          "Consult the manual entry for the RewriteOptions directive "
+                          "for options and caveats about matching other strings.",
+                          r->uri));
+             return DECLINED;
+        }
     }
 
     /*