You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Jan Riehn (JIRA)" <ji...@apache.org> on 2012/10/29 00:15:12 UTC
[jira] [Updated] (WICKET-4841) Frequently faked AJAX requests
prevent monitoring
[ https://issues.apache.org/jira/browse/WICKET-4841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Riehn updated WICKET-4841:
------------------------------
Summary: Frequently faked AJAX requests prevent monitoring (was: Frequent faked AJAX requests prevent monitoring)
> Frequently faked AJAX requests prevent monitoring
> -------------------------------------------------
>
> Key: WICKET-4841
> URL: https://issues.apache.org/jira/browse/WICKET-4841
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.5.8
> Reporter: Jan Riehn
>
> Hello,
> currently we've got a problem with faked ajax requests. these ajax
> requests misses some parameters, but the wicket-ajax header flag is set.
> So ServletWebRequest throws an exception:
> java.lang.IllegalStateException: Current ajax request is missing the base url header or parameter
> at org.apache.wicket.util.lang.Checks.notNull(Checks.java:38)
> at org.apache.wicket.protocol.http.servlet.ServletWebRequest.getClientUrl(ServletWebRequest.java:171)
> at org.apache.wicket.request.UrlRenderer.<init>(UrlRenderer.java:59)
> These faked requests are so massive, that our application is no longer
> monitorable. Our workaround rejects these requests via apache config.
> Instead of logging an exception, in deployment mode wicket should log a warning and reject the request
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira