Thanks for the quick response and information.
Christopher
I tried the first option you mentioned from the following reference and
tried to redirect to a customized error page instead of letting the
geoserver application spit the exception. But maybe I missed something in
implementation that did not work.

1. Copied urlrewritefilter-4.0.3.jar to Web-inf/lib

2. urlrewrite.xml in web-inf directory

<urlrewrite>
    <rule enabled="true">
        <condition type="query-string" operator="equal"></condition>
        <from>WIDTH=[^0-9]+</from>
        <to type="redirect">error.html</to>
    </rule>
</urlrewrite>

And 3. in web.xml

<context-param>
    <!-- see comments on the PARTIAL-BUFFER strategy -->
    <!-- this sets the size of the buffer.  default is "50" = 50kb -->
    <param-name>PARTIAL_BUFFER_STRATEGY_SIZE</param-name>
    <param-value>50</param-value>
</context-param>

<filter>
    <filter-name>UrlRewriteFilter</filter-name>
    <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
    <init-param>
        <param-name>confPath</param-name>
        <param-value>/WEB-INF/urlrewrite.xml</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>UrlRewriteFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</filter-mapping>
...
</context>

André Warnier
I would like to redirect such invalid requests to a dummy error page which
does nothing. I hope this can be done to just drop the invalid requests.

Thanks again


On Fri, Sep 6, 2019 at 3:44 PM André Warnier (tomcat) <a...@ice-sa.com> wrote:

> On 05.09.2019 20:58, Christopher Schultz wrote:
> >
> > Praveen,
> >
> > On 9/5/19 05:07, praveen kumar wrote:
> >> Hello, I am working with an application called geoserver which
> >> works on Apache Tomcat server. Just for an idea for those who do not
> >> know, geoserver is an application that serves web map services.
> >> When I am calling this service I will be providing a few parameters
> >> about the map like layer name, height, width and so on. Now my
> >> requirement is to restrict the values passed to these parameters.
> >> Like for example for WIDTH it should only consider an integer, if a
> >> request having a string for WIDTH should not reach my application.
> >> I am looking for some redirect rules but I could not succeed. It
> >> would be great if someone can help or guide me on this.
> >
> > LOL this service doesn't actually sanitize its input? Yikes.
> >
> > The good news is that you can do this in a few ways.
> >
> > You have 3 options that I can see:
> >
> > 1. Use a redirect filter
> > 2. Use a reverse-proxy like Apache with some filtering configured
> > 3. Write it yourself
> >
> > In order to use a redirect filter, you will have to:
> >
> > a. Choose a redirect filter (e.g. Tomcat's rewrite[1] or Tuckey's
> > urlrewrite[2])
> > b. Configure it with a file. The configuration depends upon which
> > filter you choose
> > c. Bundle that filter+config with the application
> >
> > In order to use a reverse proxy, you'll need to:
> >
> > a. Choose a reverse proxy (e.g. Apache httpd, nginx, Squid, etc.)
> > b. Configure it properly (which depends upon your choice in (a) above)
> >
> > In order to write it yourself, you will have to:
> >
> > a. Write a servlet filter in Java
> > b. Package that filter into the application
> > c. Install that filter into the filter-chain by modifying the
> > application's WEB-INF/web.xml file
> >
> > Do you have a preference?
> >
> > -chris
>
> +1, but I would have to add that first of all, Praveen should have a clear
> idea of /what he thinks should happen/, if one of the request parameters
> does not meet expectations.
> Saying that "the request should not make it to the application" is one
> thing, but what do you want to happen instead?
>
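The "write it yourself" option from the quoted reply (a servlet filter packaged with the application and registered in WEB-INF/web.xml), sketched as an added example that is not code from anyone in this thread. The class name NumericParamFilter, the 400 response, the five-digit limit and the inclusion of HEIGHT alongside WIDTH are assumptions, as is the javax.servlet namespace (Tomcat 9 and earlier; Tomcat 10 and later use jakarta.servlet).

```java
import java.io.IOException;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: rejects requests whose WIDTH or HEIGHT is not a short decimal integer. */
public class NumericParamFilter implements Filter {
    // 1 to 5 ASCII digits: bounds the size as well as the character set (assumed limit).
    private static final Pattern DIGITS = Pattern.compile("[0-9]{1,5}");

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        for (Map.Entry<String, String[]> param : req.getParameterMap().entrySet()) {
            // WMS parameter names are case-insensitive, so width/Width/WIDTH are all checked.
            String name = param.getKey();
            if (!name.equalsIgnoreCase("WIDTH") && !name.equalsIgnoreCase("HEIGHT")) {
                continue;
            }
            // A parameter can be repeated in the query string; every occurrence must pass.
            for (String value : param.getValue()) {
                // matches() anchors the whole value, so "12abc" and "" are both rejected.
                if (!DIGITS.matcher(value).matches()) {
                    ((HttpServletResponse) res).sendError(
                            HttpServletResponse.SC_BAD_REQUEST,
                            "Invalid WIDTH or HEIGHT parameter");
                    return; // chain.doFilter is never called: the application does not see it
                }
            }
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

It is registered with a `<filter>` and `<filter-mapping>` pair in WEB-INF/web.xml in the same way as the UrlRewriteFilter entry above; filters run in the order of their mappings, so this one belongs before any filter that reads the parameters.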
