Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.