You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Jan Riehn (JIRA)" <ji...@apache.org> on 2012/10/29 00:15:12 UTC

[jira] [Updated] (WICKET-4841) Frequently faked AJAX requests prevent monitoring

     [ https://issues.apache.org/jira/browse/WICKET-4841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Riehn updated WICKET-4841:
------------------------------

    Summary: Frequently faked AJAX requests prevent monitoring  (was: Frequent faked AJAX requests prevent monitoring)
    
> Frequently faked AJAX requests prevent monitoring
> -------------------------------------------------
>
>                 Key: WICKET-4841
>                 URL: https://issues.apache.org/jira/browse/WICKET-4841
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 1.5.8
>            Reporter: Jan Riehn
>
> Hello,
> currently we've got a problem with faked ajax requests. these ajax 
> requests misses some parameters, but the wicket-ajax header flag is set. 
> So ServletWebRequest throws an exception:
> java.lang.IllegalStateException: Current ajax request is missing the base url header or parameter
>          at org.apache.wicket.util.lang.Checks.notNull(Checks.java:38)
>          at org.apache.wicket.protocol.http.servlet.ServletWebRequest.getClientUrl(ServletWebRequest.java:171)
>          at org.apache.wicket.request.UrlRenderer.<init>(UrlRenderer.java:59)
> These faked requests are so massive, that our application is no longer 
> monitorable. Our workaround rejects these requests via apache config. 
> Instead of logging an exception, in deployment mode wicket should log a warning and reject the request

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira