Erik Onnen wrote: > Verified on 6.0.16 and 6.0.18, 2.6.24 Linux kernel, JVM 1.6.0_10-beta. When > I attempt to encode a "\" character into a url resulting in a %5C in the URL > on the wire, I'm seeing a 400 from the server and none of my code is hit. > I've tried URLEncoding="UTF-8" on the connector with no luck. Same URL > serves fine on Jetty6. Other encoded, non-URL safe chars seem to work fine. > > A sample of the URL on the wire looks like: > > GET /people/s%5Clash > > I'm hoping someone can tell me I've encoded the URL wrong and that Tomcat is > doing the correct thing. Anybody seen similar issues? > http://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH There are potential security issues of enabling this if Tomcat is behind a proxy. See http://tomcat.apache.org/security-6.html CVE-2007-0450 for details. Mark --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
