Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
126 views
in Technique by (71.8m points)

java - Why is this URL returning error 400 from Tomcat?

I have a Tomcat server running Java servlets. I'm trying to make a servlet that returns stored files, given their encrypted IDs.

ID: 100

Encrypted ID: +e4/E5cR/aM=

URL-encoded ID: %2Be4%2FE5cR%2FaM%3D

Resulting URL: http://localhost/file/demo/%2Be4%2FE5cR%2FaM%3D

When I try to follow that link, I don't even get into my servlet's code - the server returns this error: Failed to load resource: the server responded with a status of 400 (Bad Request)

What's wrong with this URL that's making Tomcat reject it before reaching my code? I ran it through a URL-encoder, and I don't see any invalid characters in it.


Battle the dragon too long and you become the dragon yourself; gaze into the abyss too long and the abyss will gaze back…

1 Answer

0 votes
by (71.8m points)

You have a slash "/" encoded in the URL. Apache doesn't allow them due to potential attacks. There is a setting to allow them:

System.setProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH", "true");

or

-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true

See similar post.
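
An alternative to enabling that setting, shown as an added example that is not part of the original question or answer: put the ID in the URL with the URL-safe Base64 alphabet, so the path never contains an encoded slash. The class and method names are hypothetical, the code assumes Java 10 or later, and it assumes the servlet converts the token back before decrypting.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class UrlSafeFileId {

    // Standard Base64 -> URL-safe alphabet ('-' and '_' replace '+' and '/'), no '=' padding.
    static String toUrlSafe(String standardBase64) {
        byte[] raw = Base64.getDecoder().decode(standardBase64);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Servlet side: turn the URL-safe token back into the standard Base64 form.
    static String toStandard(String urlSafeToken) {
        byte[] raw = Base64.getUrlDecoder().decode(urlSafeToken);
        return Base64.getEncoder().encodeToString(raw);
    }

    // Count path segments as they look after percent-decoding.
    static long decodedSegments(String path) {
        // URLDecoder is a form decoder and maps a literal '+' to a space, so protect it first.
        String decoded = URLDecoder.decode(path.replace("+", "%2B"), StandardCharsets.UTF_8);
        return Arrays.stream(decoded.split("/")).filter(s -> !s.isEmpty()).count();
    }

    public static void main(String[] args) {
        String encryptedId = "+e4/E5cR/aM=";                 // value from the question
        String original = "/file/demo/%2Be4%2FE5cR%2FaM%3D"; // path from the question
        String token = toUrlSafe(encryptedId);
        String safePath = "/file/demo/" + token;

        System.out.println("URL-safe token:      " + token);
        System.out.println("Round trip:          " + toStandard(token));
        System.out.println("Segments (original): " + decodedSegments(original));
        System.out.println("Segments (URL-safe): " + decodedSegments(safePath));
    }
}
```

The segment count shows why the encoded slash is treated as risky: once decoded, the original path has more segments than the application routed on, while the URL-safe token keeps the ID in a single segment.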

