On 3/23/21 6:25 PM, Mark Thomas wrote:
On 23/03/2021 16:09, Boris Petrov wrote:
Hi all,
I'm trying to figure out why Tomcat 9.0.44 seems to accept this URL:
https://some-domain.com/[foo: "bar@asd/qwe%25rty'zzzqqq{rrr|ttt]
Even when I haven't specified any "relaxedPathChars" (or when I
explicitly set it to an empty string). Note all the special
characters in it, including the space.
This is not the case with the embedded Tomcat. There this doesn't
work (and a status code of 400 is returned as expected).
What am I missing? Can you tell me where to start with debugging this?
Look at the access log. What URI did the client actually send?
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Exactly the same as what I send:
[23/Mar/2021:18:00:51 +0200] "GET /[foo:
"bar@asd/qwe%25rty'zzzqqq{rrr|ttt] HTTP/2.0" 200 3440
I use this curl command:
curl -vvvkg "https://some-domain.com/[foo:
\"bar@asd/qwe%25rty'zzzqqq{rrr|ttt]"
Thanks!
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
