Thanks Chris for your quick response. Please accept my apology for delayed response as I was out of town.
As per my design we are already using nginx in front of tomcat. So a request from browser will land on nginx & then it will redirect it to tomcat. We are having a location in nginx where we are appending $host & $sever_port in host separated by :. What we have observed that, when a request will come from browser then we are properly getting hostname and server port. And hence we are getting proper url. We do have a healthcheck call internally originated from nginx to tomcat to check the health of the system, in this case we are not having any valid $host & $server_port and hence only static : is passing to tomcat. In our earlier version i.e. 8.5.24 it was supporting :, but now in 9.0.29 it is not allowing and hence throwing 404. So my ask is that if there is any flag or way by which we can handle this specific scenario then it will be a great help. Your thoughts and inputs are highly welcome. On Fri, Dec 6, 2019, 3:41 AM Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Mark and Kushagra, > > On 12/5/19 13:11, Mark Thomas wrote: > > On 05/12/2019 17:10, Kushagra Bindal wrote: > >> Thanks Mark for your response. > >> > >> In which version tomcat has introduced these restrictions > > > > Check the changelog. Look for "validation". > > > >> and is there any available documentation around such cases which > >> could help me in understanding the nature of restrictions. > > > > RFC 3986, section 3.2.2 and references. > > You may be able to work-around these issues with a reverse-proxy such > as Apache httpd, nginx, etc. > > Using tools such as mod_rewrite (or simple tools, depending upon your > needs), you should be able to "fix" broken clients' requests before > they get to Tomcat. > > The real solution is to fix your apparently very broken clients. > > - -chris > > >> On Thu, Dec 5, 2019, 10:31 PM Mark Thomas <ma...@apache.org> > >> wrote: > >> > >>> On 05/12/2019 16:58, Kushagra Bindal wrote: > >>>> Hi Mark > >>>> > >>>> Yes that's correct that we are getting this error after > >>>> startup. Actually in one of my url I am having extra : and > >>>> thus resulting in failure. Same url was working properly in > >>>> 8.5.24 version. Actually I can understand > >>> that > >>>> this is not a good practice to have extra : but making such > >>>> changes could result into regression in application. > >>>> > >>>> So is there a way by which I can apply some setting like > >>>> escape character or something which could help me in > >>>> resolving this issue? > >>> > >>> Sorry, no. Requests with invalid host names are always > >>> rejected. > >>> > >>> Mark > >>> > >>> > >>>> > >>>> On Wed, Dec 4, 2019, 4:23 PM Mark Thomas <ma...@apache.org> > >>>> wrote: > >>>> > >>>>> On 04/12/2019 05:19, Kushagra Bindal wrote: > >>>>>> Hi, > >>>>>> > >>>>>> I tried to upgrade my tomcat on OpenAM from 8.5.24 to > >>>>>> 9.0.29 version > >>> and > >>>>> I > >>>>>> got below error in catalina.out during startup itself. > >>>>> > >>>>> That stack trace shows that this error is in response to an > >>>>> incoming request, not part of the start-up sequence. > >>>>> > >>>>>> [http-nio-8080-exec-7] > >>>>>> org.apache.coyote.AbstractProcessor.parseHost > >>> The > >>>>>> host [:] is not valid > >>>>> > >>>>> You have a broken client that is presenting an invalid Host > >>>>> header. If you want the error to go away, fix the broken > >>>>> client. > >>>>> > >>>>> Mark > >>>>> > >>>>> ------------------------------------------------------------------ > - --- > >>>>> > >>>>> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>>>> For additional commands, e-mail: > >>>>> users-h...@tomcat.apache.org > >>>>> > >>>>> > >>>> > >>> > >>> > >>> -------------------------------------------------------------------- > - - > >>> > >>> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>> > >>> > >> > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -----BEGIN PGP SIGNATURE----- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3pgIwACgkQHPApP6U8 > pFjrrw/7BM39u/Z8BhWNOUKrKubmO9ENKV0ldCdSa/qoxTwPKXmDMa05Iiy1iQne > OAp8SA3AfZMpAoTvfCEOy7ncB4rOdJTo+bSgOfErVdiBdYokkUehEFkYzaiaUpEA > CknCzfcyWPM8rDZG1mCYm76kOe017sDCrcnV/nUcsdVqQ7fMY28k2PYBSrAziOfG > rDSALl3DFObYDoznvV/qwfNP2Ns6Utd9+2qXctMFtjDrQDOY5j9Rn2BPJaCeqgOo > HbjJYecC+dx9fV+v4Dc4CoC64u1LQzunBy7KIE/f9tuYoWtBur0xMoMc1+CqzSAQ > fhWQtfcSUsvqVNh4OFvxJc0kvPZSkB6QDVpOAo74nKhe4PcnWfoMg0Lx6EtCjaUO > 5JoLew404q+pKyhb/0txmrMsrAF+GCPXs4q6ft4bi7HjIirQUAgYc8Mk1WMI9cDx > APN7G6FrU8Mcfg5qEaTywl0X5su5i+2XxXvOz6py5si2RZe0l7Gc4iLbml10SG+X > cAIAh+QSCCZfCd7DNCPNrsrzFI0h2xgst8NKdL1pOjkK/40GMEi0voDktzjDhw+6 > S9GdGE9DTl/z3Mxtd52tlyqvFRenS7VYv6ftHyhx0doAxC+4ozBEDh/qInmmeMhH > 2/IKZ3CqDfnfasUjNxsuqg/DXjWekzwkDrHkSYMif0SJZAg8zQA= > =QpXg > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
