Re: Problem with tomcat connector in IIS using tomcat 9.0.31

Mon, 09 Mar 2020 14:50:52 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Matthias,

On 3/9/20 09:43, Matthias Fechner wrote:
> Am 04.03.2020 um 09:17 schrieb Martin Grigorov:
>> Please read this discussion:
>> https://lists.apache.org/thread.html/r9f3a2ea48f2e76f7c092ea2dc4caec7
d15c86f7773281ef6c8cdb817%40%3Cusers.tomcat.apache.org%3E
>>
>>
<https://markmail.org/message/kmx6krqtduqma7jj>
>> The problem and a workaround are explained here:
>> https://lists.apache.org/thread.html/r3720861ca584c0b6794cb8bfffafa18
fa67b514f3df47ce7ea5329ef%40%3Cusers.tomcat.apache.org%3E
>
>>
> thanks, adding this fixed it:
>
> allowedRequestAttributesPattern=".*"

That's not a super-secure solution. You really should specify a
correct whitelist pattern instead of "accept all".

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5muhAACgkQHPApP6U8
pFiQjw//Sqv17ybqBJGsZaMynXAA/fFAfPyf+PknN6p+h+LMc8grPiSxM2Dpc6Tq
ISTYPT+4Pg2GDNBw3kkCTB2+7Z1t4hoetliprnDNJgtdR6WqhgcGhLv57RN+E18Z
fBN9S3gQMCGBwznSMqXnXtXMBJn/ayUIdjJDhwFC/BY++OcObh9UmNM8fkCRDwfy
7OcrP33oqY0Okhl+lYceb5700Yd6kTAbNP657UPjYXrQmbODIIbGmPlcmtOEU0T+
Re7UFpyYZBvBPqNc2DFI94A2EEn1Q/EhWCZvM2bOWdOyxCi0dZ4CVkQdH9VvNiUZ
X3hH4kCAK4NSa7N9Wfci/WOiiYDCHrkOPLyv38ZlsUA0HE2DHmr4c/bgvYLSGNB1
jZha5MuGlp7e80Xrj+ywR8TM+n8XkjX1t2phpVI3V9Lgcw+xa76DySCcIwHy3PZ3
eV1WEX7fAAhVJA4rp+WK1WuBoJ3wmio4wAKZ++5SbWhh8CR0dPXxSrDb2hextIKl
Ey+zz2mjNYIuz/DkaWbsTLzkL5DOfdWbjnOvKLLkZ/GoHsY9MDCpyKkCg/Pz1oky
jgEBX/s5hmqgBwF7TIbg3rEV2LLaR0A9XnUIau7UlCxgRSXYagWsKLy9NWZt1PkR
2sb37n/1z4MK9v2NUh6bM2N9/pOkRJQv9jEMvV47iAOJMnBMeEs=
=27B7
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to