How is 404 beter than 400? On Sat, Sep 9, 2017 at 9:46 AM, Yuval Schwartz <yuval.schwa...@gmail.com> wrote:
> Tomcat version:8.0.43 > jdk1.8.0_05 > > Hello, > > I've asked a similar question in the past about illegal characters in the > http request header (May 15, 2017). > > Certain users are able to send http requests to my server that contain the > space character. > This character is obviously not allowed. Tomcat recognizes it and throws an > IllegalArgumentException and a http response code 400 is returned to the > client. > From my logs: > > > > *Error parsing HTTP request header...* > *java.lang.IllegalArgumentException: Invalid character found in the > request > target. The valid characters are defined in RFC 7230 and RFC 3986* > > Is there any way to validate the url before it reaches tomcat so that I can > return a 404 if an invalid character is found in the url? I would just like > to avoid exceptions being thrown where possible. > > Thank you. >
