Re: Upgraded Tomcat 9.0.82 to 10.1.23 getting HTTP response 400 for pipe characters in URL

Fri, 09 Aug 2024 02:13:06 -0700 

On 09/08/2024 09:28, Patil, Tushar wrote:

Hi Tomcat team,
Earlier in the 9.x.x series, the pipe(|) character was allowed with the AJP 
connector without doing any configuration change at our end, but now in 
10.1.23, it is giving an error.
Is this bug from the Tomcat side, or do we need any configuration changes at 
our end?



This is an application bug at your end. '|' is not a valid character in 
a URL. It has to be %nn encoded if you want to use it.


Mark





--
Thanks and Regards,
Tushar Patil
________________________________
From: Christopher Schultz <ch...@christopherschultz.net>
Sent: Thursday, August 8, 2024 11:51 PM
To: users@tomcat.apache.org <users@tomcat.apache.org>
Subject: Re: Upgraded Tomcat 9.0.82 to 10.1.23 getting HTTP response 400 for 
pipe characters in URL

[You don't often get email from ch...@christopherschultz.net. Learn why this is 
important at https://aka.ms/LearnAboutSenderIdentification ]

Chuck,

On 8/8/24 09:58, Chuck Caldarale wrote:



On Aug 8, 2024, at 08:46, Christopher Schultz <ch...@christopherschultz.net> 
wrote:

On 8/8/24 05:20, Patil, Tushar wrote:

In older version [9.0.82]:
      <Connector port="8010" protocol="org.apache.coyote.ajp.AjpNioProtocol" secure="false" 
requiredSecret="388438" address="127.0.0.1"
                 tomcatAuthentication="false" enableLookups="false" maxPostSize="-1" 
maxSavePostSize="8388608" maxParameterCount="-1"
                 useBodyEncodingForURI="true" URIEncoding="UTF-8" backlog="100" 
packetSize="8192"
                 maxThreads="320" minSpareThreads="8"/>
In newer version[10.1.23]:
<Connector port="8010" protocol="org.apache.coyote.ajp.AjpNioProtocol" secure="false" 
requiredSecret="904746" address="127.0.0.1"
                 tomcatAuthentication="false" enableLookups="false" maxPostSize="-1" 
maxSavePostSize="8388608" maxParameterCount="-1"
                 useBodyEncodingForURI="true" URIEncoding="UTF-8" acceptCount="100" 
packetSize="8192"
                 maxThreads="320" minSpareThreads="8" discardFacades="false"/>


IMPORTANT NOTE: You have posted your "requiredSecret" value and may want to 
change that now that it is public.

I'm not sure why you would not have needed these in the past, but you might need to add 
relaxedPathChars="|" in your <Connector> configuration to allow these pipes.

If the pipes are also appearing in your query string, you may need to set 
relaxedQueryChars to the same value.



The AJP connector documentation does not show relaxedPathChars nor 
relaxedQueryChars as valid configuration items - these are only in the HTTP/1.1 
connector. I thought that the AJP connector expected the front end to do URL 
validation.


+1

I hadn't noticed the AJP in there until after I had written most of the
reply, then went back to add info about the secret and reverse proxy. Oops.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org























					Reply via email to