Hi Tomcat team, Earlier in the 9.x.x series, the pipe(|) character was allowed with the AJP connector without doing any configuration change at our end, but now in 10.1.23, it is giving an error. Is this bug from the Tomcat side, or do we need any configuration changes at our end?
-- Thanks and Regards, Tushar Patil ________________________________ From: Christopher Schultz <[email protected]> Sent: Thursday, August 8, 2024 11:51 PM To: [email protected] <[email protected]> Subject: Re: Upgraded Tomcat 9.0.82 to 10.1.23 getting HTTP response 400 for pipe characters in URL [You don't often get email from [email protected]. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] Chuck, On 8/8/24 09:58, Chuck Caldarale wrote: > >> On Aug 8, 2024, at 08:46, Christopher Schultz <[email protected]> >> wrote: >> >> On 8/8/24 05:20, Patil, Tushar wrote: >>> In older version [9.0.82]: >>> <Connector port="8010" protocol="org.apache.coyote.ajp.AjpNioProtocol" >>> secure="false" requiredSecret="388438" address="127.0.0.1" >>> tomcatAuthentication="false" enableLookups="false" >>> maxPostSize="-1" maxSavePostSize="8388608" maxParameterCount="-1" >>> useBodyEncodingForURI="true" URIEncoding="UTF-8" >>> backlog="100" packetSize="8192" >>> maxThreads="320" minSpareThreads="8"/> >>> In newer version[10.1.23]: >>> <Connector port="8010" protocol="org.apache.coyote.ajp.AjpNioProtocol" >>> secure="false" requiredSecret="904746" address="127.0.0.1" >>> tomcatAuthentication="false" enableLookups="false" >>> maxPostSize="-1" maxSavePostSize="8388608" maxParameterCount="-1" >>> useBodyEncodingForURI="true" URIEncoding="UTF-8" >>> acceptCount="100" packetSize="8192" >>> maxThreads="320" minSpareThreads="8" >>> discardFacades="false"/> >> >> IMPORTANT NOTE: You have posted your "requiredSecret" value and may want to >> change that now that it is public. >> >> I'm not sure why you would not have needed these in the past, but you might >> need to add relaxedPathChars="|" in your <Connector> configuration to allow >> these pipes. >> >> If the pipes are also appearing in your query string, you may need to set >> relaxedQueryChars to the same value. > > > The AJP connector documentation does not show relaxedPathChars nor > relaxedQueryChars as valid configuration items - these are only in the > HTTP/1.1 connector. I thought that the AJP connector expected the front end > to do URL validation. +1 I hadn't noticed the AJP in there until after I had written most of the reply, then went back to add info about the secret and reverse proxy. Oops. -chris --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
