You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Bhavesh Mistry <mi...@gmail.com> on 2020/03/04 21:53:35 UTC

Tomcat 9.0.31 Invalid character found in the request target

Hi Tomcat Team,

When there is invalid characters, it return error message with
stacktrace as shown below.  1) is there any way to costmize error
message ? if yes, please let me know.

2) Is there any way to spress stack-trace being shown on 400 bad request ?

3) Based on Accept header (application/json), can JSON error be
constructed instead of html since client request application/json ?

Thank you for help in advance.

Thanks,

Bhavesh

Request :
===========
GET /API/?where=type*!*%3d1%20UNION%20SELECT%20version(),null,null,null&deep=true&offset=0&limit=10
HTTP/1.1
Host: 10.192.58.135
Connection: close*Accept: application/json*
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122
Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9







Response :
=============
HTTP/1.1 400
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1988
Date: Sun, 01 Mar 2020 06:09:41 GMT
Connection: close

<!doctype html><html lang="en"><head><title>HTTP Status 400 – Bad
Request</title><style type="text/css">body
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a
{color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP
Status 400 – Bad Request</h1><hr class="line" /><p><b>Type</b>
Exception Report</p><p><b>Message</b> Invalid character found in the
request target. The valid characters are defined in RFC 7230 and RFC
3986</p><p><b>Description</b> The server cannot or will not process
the request due to something that is perceived to be a client error
(e.g., malformed request syntax, invalid request message framing, or
deceptive request
routing).</p><p><b>Exception</b></p><pre>java.lang.IllegalArgumentException:
Invalid character found in the request target. The valid characters
are defined in RFC 7230 and RFC 3986
	org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:469)
	org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:260)
	org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
	org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
	org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	java.base&#47;java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	java.base&#47;java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	java.base&#47;java.lang.Thread.run(Thread.java:834)
</pre><p><b>Note</b> The full stack trace of the root cause is
available in the server logs.</p><hr class="line" /><h3>Apache Tomcat
Version X</h3></body></html>

Re: Tomcat 9.0.31 Invalid character found in the request target

Posted by Martin Grigorov <mg...@apache.org>.

Hi,

On Wed, Mar 4, 2020 at 11:53 PM Bhavesh Mistry <mi...@gmail.com>
wrote:

> Hi Tomcat Team,
>
> When there is invalid characters, it return error message with
> stacktrace as shown below.  1) is there any way to costmize error
> message ? if yes, please let me know.
>
> 2) Is there any way to spress stack-trace being shown on 400 bad request ?
>
> 3) Based on Accept header (application/json), can JSON error be
> constructed instead of html since client request application/json ?
>

This error is reported by ErrorReportValve.
You can disable it and/or replace it with one that reports the way you need
it.

Martin


> Thank you for help in advance.
>
> Thanks,
>
> Bhavesh
>
> Request :
> ===========
> GET
> /API/?where=type*!*%3d1%20UNION%20SELECT%20version(),null,null,null&deep=true&offset=0&limit=10
> HTTP/1.1
> Host: 10.192.58.135
> Connection: close*Accept: application/json*
> Sec-Fetch-Dest: empty
> X-Requested-With: XMLHttpRequest
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122
> Safari/537.36
> Sec-Fetch-Site: same-origin
> Sec-Fetch-Mode: cors
> Accept-Encoding: gzip, deflate
> Accept-Language: en-US,en;q=0.9
>
>
>
>
>
>
>
> Response :
> =============
> HTTP/1.1 400
> Content-Type: text/html;charset=utf-8
> Content-Language: en
> Content-Length: 1988
> Date: Sun, 01 Mar 2020 06:09:41 GMT
> Connection: close
>
> <!doctype html><html lang="en"><head><title>HTTP Status 400 – Bad
> Request</title><style type="text/css">body
> {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
> {color:white;background-color:#525D76;} h1 {font-size:22px;} h2
> {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a
> {color:black;} .line
>
> {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP
> Status 400 – Bad Request</h1><hr class="line" /><p><b>Type</b>
> Exception Report</p><p><b>Message</b> Invalid character found in the
> request target. The valid characters are defined in RFC 7230 and RFC
> 3986</p><p><b>Description</b> The server cannot or will not process
> the request due to something that is perceived to be a client error
> (e.g., malformed request syntax, invalid request message framing, or
> deceptive request
>
> routing).</p><p><b>Exception</b></p><pre>java.lang.IllegalArgumentException:
> Invalid character found in the request target. The valid characters
> are defined in RFC 7230 and RFC 3986
>
> org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:469)
>
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:260)
>
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
>
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
>         org.apache.tomcat.util.net
> .NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
>         org.apache.tomcat.util.net
> .SocketProcessorBase.run(SocketProcessorBase.java:49)
>
> java.base&#47;java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>
> java.base&#47;java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>         java.base&#47;java.lang.Thread.run(Thread.java:834)
> </pre><p><b>Note</b> The full stack trace of the root cause is
> available in the server logs.</p><hr class="line" /><h3>Apache Tomcat
> Version X</h3></body></html>
>