【Tomcat】Invalid character found in the request target
来源:互联网 发布:中国工业企业数据库 编辑:程序博客网 时间:2024/06/03 15:41
Tomcat接收到的请求的URI中包含了不合法的字符,比如 { } ( ) ^ ` \ | # \\
这是典型的400错误,不合法的请求,根据RFC (Request Format Comment)文档的规定,以上字符不能被用在Request Header,也就是request的URI中。
我遇到这个问题是两个tomcat应用之间通讯时发送了一个请求,这个请求包含片段.*\.(css|js|jpg|jpeg|png|gif|ico|woff)$,
很显然,这个请求中包含 \ ( | 这三个不合法的字符;转义是不能解决问题的;因为tomcat会对请求中每个字符都进行检查;
我的解决办法就是 将 .*\.(css|js|jpg|jpeg|png|gif|ico|woff)$ 换成 .*tpl$,.*css$,.*js$,.*jpg$,.*jpeg$,.*bmp$,.*png$,.*gif$,.*ico$,.*woff$
查看tomcat源码
apache-tomcat-7.0.73-src\java\org\apache\coyote\http11\InternalInputBuffer.java
public class InternalInputBuffer extends AbstractInputBuffer<Socket> { ....省略 /** * Read the request line. This function is meant to be used during the * HTTP request header parsing. Do NOT attempt to read the request body * using it. * * @throws IOException If an exception occurs during the underlying socket * read operations, or if the given buffer is not big enough to accommodate * the whole line. */ @Override public boolean parseRequestLine(boolean useAvailableDataOnly) throws IOException { ...省略 // // Reading the URI // boolean eol = false; while (!space) { // Read new bytes if needed if (pos >= lastValid) { if (!fill()) throw new EOFException(sm.getString("iib.eof.error")); } // Spec says single SP but it also says be tolerant of HT if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) { space = true; end = pos; }else if (HttpParser.isNotRequestTarget(buf[pos])) {
//如果请求参数中的字符不是被允许的字符,则抛异常 HttpParser这个类 看下面代码片 throw new IllegalArgumentException(sm.getString("iib.invalidRequestTarget")); } pos++; } ... 省略 return true; }}
apache-tomcat-7.0.73-src\java\org\apache\tomcat\util\http\parser\HttpParser.java
private static final int ARRAY_SIZE = 128;
private static final boolean[] IS_NOT_REQUEST_TARGET = new boolean[ARRAY_SIZE];
static { // Digest field types.for (int i = 0; i < ARRAY_SIZE; i++) { // Control> 0-31, 127 if (i < 32 || i == 127) { IS_CONTROL[i] = true; }// Not valid for request target. // Combination of multiple rules from RFC7230 and RFC 3986. Must be // ASCII, no controls plus a few additional characters excluded // 不合法的字符在这里都会导致请求不合法而抛异常 请求失败 if (IS_CONTROL[i] || i > 127 || i == ' ' || i == '\"' || i == '#' || i == '<' || i == '>' || i == '\\' || i == '^' || i == '`' || i == '{' || i == '|' || i == '}') { IS_NOT_REQUEST_TARGET[i] = true; } } }
HTTP协议说到底只是一个OSI应用层通讯的标准,在tomcat源码中对HTTP进行了实现,可能在一些Tomcat版本中没有实现对请求字符的限制,可以预见,在Tomcat7.0.64之后的版本以及 Tomcat8、9都会对请求头的字符进行限制。
- 【Tomcat】Invalid character found in the request target
- Invalid character found in the request target 问题解决
- 日常报错 Invalid character found in the request target.
- java.lang.IllegalArgumentException: Invalid character found in the request target.
- Invalid character found in the request target. 的解决办法
- Tomcat 8.5 400错误:Invalid character found in the request target. 问题解决方法
- Tomcat 400错误:Invalid character found in the request target. 问题解决方法
- 解决Tomcat报Invalid character found in the request target. The valid characters are defined in RFC 3986
- 异常:Invalid character found in the request target. The valid characters are defined in RFC 3986
- 异常:Invalid character found in the request target. The valid characters are defined in RFC 3986
- 异常:Invalid character found in the request target. The valid characters are defined in RFC 3986
- java.lang.IllegalArgumentException: Invalid character found in the request target. The valid charact
- java.lang.IllegalArgumentException: Invalid character found in the request target. The valid charact
- 解决在Tomcat7.0以上版本,Invalid character found in the request target问题
- url传参时报java.lang.IllegalArgumentException: Invalid character found in the request target.
- Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC
- Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC
- invalid character found in the request target the valid characters are defined in rfc 7230 and rfc 3
- 【Win10】正常上网但ping不通外网
- 【Regular Expression】RE分类及案例
- [Linux] Desktop Management
- [Firewall] iptables Configuration
- 【反向代理】图解
- 【Tomcat】Invalid character found in the request target
- install redis
- Words used when reading Redis documents
- Eclipse中将Java项目转换成Web项目的方法
- 查看端口占用
- sed 实践案例 (不定期更新)
- Exception in thread "http-nio-8083-exec-5" 异常
- 【Tomcat】重新獲得war包
- 决策树demo(python)