Hi Tomcat team, Earlier in the 9.x.x series, the pipe(|) character was allowed with the AJP connector without doing any configuration change at our end, but now in 10.1.23, it is giving an error. Is this bug from the Tomcat side, or do we need any configuration changes at our end?
-- Thanks and Regards, Tushar Patil ________________________________ From: Christopher Schultz <ch...@christopherschultz.net> Sent: Thursday, August 8, 2024 11:51 PM To: users@tomcat.apache.org <users@tomcat.apache.org> Subject: Re: Upgraded Tomcat 9.0.82 to 10.1.23 getting HTTP response 400 for pipe characters in URL [You don't often get email from ch...@christopherschultz.net. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] Chuck, On 8/8/24 09:58, Chuck Caldarale wrote: > >> On Aug 8, 2024, at 08:46, Christopher Schultz <ch...@christopherschultz.net> >> wrote: >> >> On 8/8/24 05:20, Patil, Tushar wrote: >>> In older version [9.0.82]: >>> <Connector port="8010" protocol="org.apache.coyote.ajp.AjpNioProtocol" >>> secure="false" requiredSecret="388438" address="127.0.0.1" >>> tomcatAuthentication="false" enableLookups="false" >>> maxPostSize="-1" maxSavePostSize="8388608" maxParameterCount="-1" >>> useBodyEncodingForURI="true" URIEncoding="UTF-8" >>> backlog="100" packetSize="8192" >>> maxThreads="320" minSpareThreads="8"/> >>> In newer version[10.1.23]: >>> <Connector port="8010" protocol="org.apache.coyote.ajp.AjpNioProtocol" >>> secure="false" requiredSecret="904746" address="127.0.0.1" >>> tomcatAuthentication="false" enableLookups="false" >>> maxPostSize="-1" maxSavePostSize="8388608" maxParameterCount="-1" >>> useBodyEncodingForURI="true" URIEncoding="UTF-8" >>> acceptCount="100" packetSize="8192" >>> maxThreads="320" minSpareThreads="8" >>> discardFacades="false"/> >> >> IMPORTANT NOTE: You have posted your "requiredSecret" value and may want to >> change that now that it is public. >> >> I'm not sure why you would not have needed these in the past, but you might >> need to add relaxedPathChars="|" in your <Connector> configuration to allow >> these pipes. >> >> If the pipes are also appearing in your query string, you may need to set >> relaxedQueryChars to the same value. > > > The AJP connector documentation does not show relaxedPathChars nor > relaxedQueryChars as valid configuration items - these are only in the > HTTP/1.1 connector. I thought that the AJP connector expected the front end > to do URL validation. +1 I hadn't noticed the AJP in there until after I had written most of the reply, then went back to add info about the secret and reverse proxy. Oops. -chris --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
