tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: HTTP/1.x 400 Invalid URI: noSlash
Date Mon, 21 Jan 2008 20:38:03 GMT
Hi Adrian,

Adrian.Blakey@kp.org schrieb:
> Should it be normal behavior to return the response: HTTP/1.x 400 Invalid 
> URI: noSlash 
> 
> To the request: GET/bar/foo%3A%2F%2Fxx.org%2Fencs%3Fenc%3D100%23101
> 
> Note: Unencoded it is: GET /bar/foo://xx.org/encs?enc=101#101
> 
> Tomcat 6.0.14 jdk 1.5
> 
> Is this a defect? Could someone explain how this URI is being parsed? And 
> how can I pass a URI within an http URL, without it either being mangled 
> or rejected?

Could be the following, included in the page

http://tomcat.apache.org/security-6.html

The following Java system properties have been added to Tomcat to 
provide additional control of the handling of path delimiters in URLs 
(both options default to false):

     * org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH: true|false
     * org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH: 
true|false

So I would add

-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true

to your startup options (if you really need encoded slashes).

> Adrian Blakey

Not sure, if the other encodings will be a problem, but try with this 
system property first.

Regards,

Rainer

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message