You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Ad...@kp.org on 2008/01/21 21:28:19 UTC
HTTP/1.x 400 Invalid URI: noSlash
Should it be normal behavior to return the response: HTTP/1.x 400 Invalid
URI: noSlash
To the request: GET/bar/foo%3A%2F%2Fxx.org%2Fencs%3Fenc%3D100%23101
Note: Unencoded it is: GET /bar/foo://xx.org/encs?enc=101#101
Tomcat 6.0.14 jdk 1.5
Is this a defect? Could someone explain how this URI is being parsed? And
how can I pass a URI within an http URL, without it either being mangled
or rejected?
Adrian Blakey
Re: HTTP/1.x 400 Invalid URI: noSlash
Posted by Ad...@kp.org.
This works - thank you.
Adrian Blakey
Rainer Jung <ra...@kippdata.de>
01/21/2008 12:38 PM
Please respond to
"Tomcat Users List" <us...@tomcat.apache.org>
To
Tomcat Users List <us...@tomcat.apache.org>
cc
Subject
Re: HTTP/1.x 400 Invalid URI: noSlash
Hi Adrian,
Adrian.Blakey@kp.org schrieb:
> Should it be normal behavior to return the response: HTTP/1.x 400
Invalid
> URI: noSlash
>
> To the request: GET/bar/foo%3A%2F%2Fxx.org%2Fencs%3Fenc%3D100%23101
>
> Note: Unencoded it is: GET /bar/foo://xx.org/encs?enc=101#101
>
> Tomcat 6.0.14 jdk 1.5
>
> Is this a defect? Could someone explain how this URI is being parsed?
And
> how can I pass a URI within an http URL, without it either being mangled
> or rejected?
Could be the following, included in the page
http://tomcat.apache.org/security-6.html
The following Java system properties have been added to Tomcat to
provide additional control of the handling of path delimiters in URLs
(both options default to false):
* org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH: true|false
* org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH:
true|false
So I would add
-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
to your startup options (if you really need encoded slashes).
> Adrian Blakey
Not sure, if the other encodings will be a problem, but try with this
system property first.
Regards,
Rainer
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: HTTP/1.x 400 Invalid URI: noSlash
Posted by Rainer Jung <ra...@kippdata.de>.
Hi Adrian,
Adrian.Blakey@kp.org schrieb:
> Should it be normal behavior to return the response: HTTP/1.x 400 Invalid
> URI: noSlash
>
> To the request: GET/bar/foo%3A%2F%2Fxx.org%2Fencs%3Fenc%3D100%23101
>
> Note: Unencoded it is: GET /bar/foo://xx.org/encs?enc=101#101
>
> Tomcat 6.0.14 jdk 1.5
>
> Is this a defect? Could someone explain how this URI is being parsed? And
> how can I pass a URI within an http URL, without it either being mangled
> or rejected?
Could be the following, included in the page
http://tomcat.apache.org/security-6.html
The following Java system properties have been added to Tomcat to
provide additional control of the handling of path delimiters in URLs
(both options default to false):
* org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH: true|false
* org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH:
true|false
So I would add
-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
to your startup options (if you really need encoded slashes).
> Adrian Blakey
Not sure, if the other encodings will be a problem, but try with this
system property first.
Regards,
Rainer
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org