Fatal编程技术网
  • url/
  • Tomcat 9能否删除URL上的无效字符

Tomcat 9能否删除URL上的无效字符

url

Tomcat 9能否删除URL上的无效字符,url,tomcat9,invalid-characters,Url,Tomcat9,Invalid Characters,我注意到,如果用户有意在URL上输入一个无效的URL字符,例如“[”或“]”,Tomcat就会抛出一个异常。我使用的是JSP,页面代码永远不会达到允许清理或编码参数的程度。Tomcat是否可以自动编码或删除URL中的无效字符 Example: https://someserver.com?identNum=1234567[foobar] HTTP Status 400 – Bad Request Type Exception Report Message Invalid characte

我注意到,如果用户有意在URL上输入一个无效的URL字符,例如“[”或“]”,Tomcat就会抛出一个异常。我使用的是JSP,页面代码永远不会达到允许清理或编码参数的程度。Tomcat是否可以自动编码或删除URL中的无效字符

Example:  https://someserver.com?identNum=1234567[foobar]

HTTP Status 400 – Bad Request

Type Exception Report

Message Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

Description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

Exception

java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
    org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:467)
    org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:294)
    org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)
    org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
    org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    java.base/java.lang.Thread.run(Thread.java:834)

Note The full stack trace of the root cause is available in the server logs.
抱歉,没有。无效请求被拒绝

您可以选择允许这些无效字符,但不建议这样做,因为这是不符合规范的行为。

如何允许?查找relaxedPathChars和relaxedQueryChars供文档参考HTTP连接器的选项为relaxedPathChars和relaxedQueryChars:为了防止Tomcat拒绝此类请求,可以使用此属性指定允许的其他字符。如果未指定,则不允许使用其他字符。该值可以是以下字符的任意组合:“<>[\]^`{124;}。该值中存在的任何其他字符都将被忽略。