You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Robert Hicks <ro...@gmail.com> on 2020/03/04 20:20:03 UTC
Tomcat 9 : relaxedQueryChars
We are getting the following over and over in our catalina.out file:
java.lang.IllegalArgumentException: Invalid character found in the request
target. The valid characters are defined in RFC 7230 and RFC 3986
Our server.xml has the following copied from an online search I think:
relaxedQueryChars="[]|{}^\`"<>"
However, the docs say that only the following are valid and others are
ignored:
" < > [ \ ] ^ ` { | }
Do the characters have to be exactly like that instead of encoding them?
For example:
relaxedQueryChars= " < > [ \ ] ^ ` { | }
I found something else that said the following might also help in
catalina.properties:
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
Thanks for any help.
--
Bob
Re: Tomcat 9 : relaxedQueryChars
Posted by Robert Hicks <ro...@gmail.com>.
On Wed, Mar 4, 2020 at 4:46 PM Mark Thomas <ma...@apache.org> wrote:
> On 04/03/2020 20:20, Robert Hicks wrote:
> > We are getting the following over and over in our catalina.out file:
> >
> > java.lang.IllegalArgumentException: Invalid character found in the
> request
> > target. The valid characters are defined in RFC 7230 and RFC 3986
>
> Do you know what URIs are triggering those?
>
> We recently improved the HTTP header logging to report invalid
> characters in %nn form. We could add that to this exception message so
> you have some chance of figuring out what the issue is.
>
> > Our server.xml has the following copied from an online search I think:
> >
> > relaxedQueryChars="[]|{}^\`"<>"
>
> That is all of the allowed characters.
>
> It is an attribute value so you'll need to encode at least " and <. Wjat
> you have above is fine.
>
> > I found something else that said the following might also help in
> > catalina.properties:
> >
> > org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
>
> I'd be very careful using that.
>
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Thanks Mark, we are going to figure out when we can up the logging level to
capture it and move from there.
--
Bob
Re: Tomcat 9 : relaxedQueryChars
Posted by Mark Thomas <ma...@apache.org>.
On 04/03/2020 20:20, Robert Hicks wrote:
> We are getting the following over and over in our catalina.out file:
>
> java.lang.IllegalArgumentException: Invalid character found in the request
> target. The valid characters are defined in RFC 7230 and RFC 3986
Do you know what URIs are triggering those?
We recently improved the HTTP header logging to report invalid
characters in %nn form. We could add that to this exception message so
you have some chance of figuring out what the issue is.
> Our server.xml has the following copied from an online search I think:
>
> relaxedQueryChars="[]|{}^\`"<>"
That is all of the allowed characters.
It is an attribute value so you'll need to encode at least " and <. Wjat
you have above is fine.
> I found something else that said the following might also help in
> catalina.properties:
>
> org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
I'd be very careful using that.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org