subject:"Tomcat 9 \: relaxedQueryChars"

Re: Tomcat 9 : relaxedQueryChars

2020-03-05 Thread Robert Hicks

On Wed, Mar 4, 2020 at 4:46 PM Mark Thomas  wrote:

> On 04/03/2020 20:20, Robert Hicks wrote:
> > We are getting the following over and over in our catalina.out file:
> >
> > java.lang.IllegalArgumentException: Invalid character found in the
> request
> > target. The valid characters are defined in RFC 7230 and RFC 3986
>
> Do you know what URIs are triggering those?
>
> We recently improved the HTTP header logging to report invalid
> characters in %nn form. We could add that to this exception message so
> you have some chance of figuring out what the issue is.
>
> > Our server.xml has the following copied from an online search I think:
> >
> > relaxedQueryChars="[]|{}^"
>
> That is all of the allowed characters.
>
> It is an attribute value so you'll need to encode at least " and <. Wjat
> you have above is fine.
>
> > I found something else that said the following might also help in
> > catalina.properties:
> >
> > org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
>
> I'd be very careful using that.
>
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
Thanks Mark, we are going to figure out when we can up the logging level to
capture it and move from there.

--
Bob

Re: Tomcat 9 : relaxedQueryChars

2020-03-04 Thread Mark Thomas

On 04/03/2020 20:20, Robert Hicks wrote:
> We are getting the following over and over in our catalina.out file:
> 
> java.lang.IllegalArgumentException: Invalid character found in the request
> target. The valid characters are defined in RFC 7230 and RFC 3986

Do you know what URIs are triggering those?

We recently improved the HTTP header logging to report invalid
characters in %nn form. We could add that to this exception message so
you have some chance of figuring out what the issue is.

> Our server.xml has the following copied from an online search I think:
> 
> relaxedQueryChars="[]|{}^"

That is all of the allowed characters.

It is an attribute value so you'll need to encode at least " and <. Wjat
you have above is fine.

> I found something else that said the following might also help in
> catalina.properties:
> 
> org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true

I'd be very careful using that.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat 9 : relaxedQueryChars

2020-03-04 Thread Robert Hicks

We are getting the following over and over in our catalina.out file:

java.lang.IllegalArgumentException: Invalid character found in the request
target. The valid characters are defined in RFC 7230 and RFC 3986

Our server.xml has the following copied from an online search I think:

relaxedQueryChars="[]|{}^"


However, the docs say that only the following are valid and others are
ignored:


" < > [ \ ] ^ ` { | }


Do the characters have to be exactly like that instead of encoding them?
For example:


relaxedQueryChars= " < > [ \ ] ^ ` { | }


I found something else that said the following might also help in
catalina.properties:


org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true


Thanks for any help.


--

Bob

Re: Tomcat 9 relaxedQueryChars format

2019-11-29 Thread Robert Hicks

Yeah, I read that and I will talk to my co-admin about it.

Thanks!

On Fri, Nov 29, 2019 at 10:43 AM M. Manna  wrote:

> To clarify (along with my last reply) - what you are trying to do is not
> correct. The tomcat documentation confirms that only the following are
> allowed
>
> The HTTP/1.1 specification 
> requires
> > that certain characters are %nn encoded when used in URI query strings.
> > Unfortunately, many user agents including all the major browsers are not
> > compliant with this specification and use these characters in unencoded
> > form. To prevent Tomcat rejecting such requests, this attribute may be
> used
> > to specify the additional characters to allow. If not specified, no
> > additional characters will be allowed. The value may be any combination
> of
> > the following characters: " < > [ \ ] ^ ` { | } . Any other characters
> > present in the value will be ignored.
>
>
> On Fri, 29 Nov 2019 at 15:39, M. Manna  wrote:
>
> > Robert,
> >
> > On Fri, 29 Nov 2019 at 15:28, Robert Hicks 
> wrote:
> >
> >> What is the correct format?
> >>
> >> I see the following used when I do a search:
> >>
> >> relaxedQueryChars="[,],{,}.|"
> >>
> >> relaxedQueryChars="[ ] { } |"
> >>
> >> relaxedQueryChars="[]|{}^"
> >>
> >> We use that last one. I am running down this error:
> >>
> >> java.lang.IllegalArgumentException: Invalid character found in the
> >> request target. The valid characters are defined in RFC 7230 and RFC
> >> 3986
> >>
> >> Thanks!
> >>
> >> --
> >>
> >>
> > This is a working version in Http11AprProtocol
> >
> > relaxedQueryChars="{[,:]|}"
> >
> >
> >
> >
> >> Bob
> >>
> >
>

Re: Tomcat 9 relaxedQueryChars format

2019-11-29 Thread M. Manna

To clarify (along with my last reply) - what you are trying to do is not
correct. The tomcat documentation confirms that only the following are
allowed

The HTTP/1.1 specification  requires
> that certain characters are %nn encoded when used in URI query strings.
> Unfortunately, many user agents including all the major browsers are not
> compliant with this specification and use these characters in unencoded
> form. To prevent Tomcat rejecting such requests, this attribute may be used
> to specify the additional characters to allow. If not specified, no
> additional characters will be allowed. The value may be any combination of
> the following characters: " < > [ \ ] ^ ` { | } . Any other characters
> present in the value will be ignored.


On Fri, 29 Nov 2019 at 15:39, M. Manna  wrote:

> Robert,
>
> On Fri, 29 Nov 2019 at 15:28, Robert Hicks  wrote:
>
>> What is the correct format?
>>
>> I see the following used when I do a search:
>>
>> relaxedQueryChars="[,],{,}.|"
>>
>> relaxedQueryChars="[ ] { } |"
>>
>> relaxedQueryChars="[]|{}^"
>>
>> We use that last one. I am running down this error:
>>
>> java.lang.IllegalArgumentException: Invalid character found in the
>> request target. The valid characters are defined in RFC 7230 and RFC
>> 3986
>>
>> Thanks!
>>
>> --
>>
>>
> This is a working version in Http11AprProtocol
>
> relaxedQueryChars="{[,:]|}"
>
>
>
>
>> Bob
>>
>

Re: Tomcat 9 relaxedQueryChars format

2019-11-29 Thread M. Manna

Robert,

On Fri, 29 Nov 2019 at 15:28, Robert Hicks  wrote:

> What is the correct format?
>
> I see the following used when I do a search:
>
> relaxedQueryChars="[,],{,}.|"
>
> relaxedQueryChars="[ ] { } |"
>
> relaxedQueryChars="[]|{}^"
>
> We use that last one. I am running down this error:
>
> java.lang.IllegalArgumentException: Invalid character found in the
> request target. The valid characters are defined in RFC 7230 and RFC
> 3986
>
> Thanks!
>
> --
>
>
This is a working version in Http11AprProtocol

relaxedQueryChars="{[,:]|}"




> Bob
>

Tomcat 9 relaxedQueryChars format

2019-11-29 Thread Robert Hicks

What is the correct format?

I see the following used when I do a search:

relaxedQueryChars="[,],{,}.|"

relaxedQueryChars="[ ] { } |"

relaxedQueryChars="[]|{}^"

We use that last one. I am running down this error:

java.lang.IllegalArgumentException: Invalid character found in the
request target. The valid characters are defined in RFC 7230 and RFC
3986

Thanks!

-- 

Bob

Re: Tomcat 9 : relaxedQueryChars

Re: Tomcat 9 : relaxedQueryChars

Tomcat 9 : relaxedQueryChars

Re: Tomcat 9 relaxedQueryChars format

Re: Tomcat 9 relaxedQueryChars format

Re: Tomcat 9 relaxedQueryChars format

Tomcat 9 relaxedQueryChars format

7 matches

Site Navigation

Mail list logo

Footer information