ACO BadURLChars doesn't block /%2F from URL, request gets 404 from Apache instead of 500