On May 9, 2013, at 11:05 AM, Lutischán Ferenc wrote: > Dear Dan, > > Thanks for your suggestion. > I tried it, but it didn't work for me (Tomcat started with parameter: > -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true). > In my tomcat log: > 127.0.0.1 - - [09/May/2013:15:34:54 +0200] "GET /angol-magyar-szotar/w%5C > HTTP/1.1" 400 -
My fault, I think that you need this option as well. -Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true I tried setting both to true and it worked for me. Dan > Regards, > Ferenc > > > Dear Dan, > > > > Thank for your reply. > > > > 1. This site is a dictionary: > > - Windows users often enter a "\" in place of "/" > > - Rarely there are "\" in the phrases > > I think what you're looking for is this... > > org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true > > https://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Security > <https://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Security> > > If you set it to true, it should allow '%2F' and '%5C' in your URL. > > This has security implications though. Please read the following link for > CVE-2007-0450. > > https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.10 > <https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.10> > > Dan > > On May 8, 2013, at 9:09 AM, Lutischán Ferenc wrote: > > > Dear Dan, > > > > Thank for your reply. > > > > 1. This site is a dictionary: > > - Windows users often enter a "\" in place of "/" > > - Rarely there are "\" in the phrases > > I think what you're looking for is this... > > org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true > > https://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Security > <https://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Security> > > If you set it to true, it should allow '%2F' and '%5C' in your URL. > > This has security implications though. Please read the following link for > CVE-2007-0450. > > https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.10 > <https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.10> > > Dan > > On May 8, 2013, at 8:46 AM, Lutischán Ferenc wrote: >>> Dear Users, >>> >>> Tomcat 7.0.39. >>> >>> I have problem with the following url in firefox 20: >>> http://dictzone.com/english-german-dictionary/a\ (it resulted in >>> thehttp://dictzone.com/english-german-dictionary/a%5C request). >> Why do you have a "\" on the end of the URL? Is that intentional? Does it >> work if you remove it? >> >>> It results is an emtpy page. >> What is the HTTP Status code being returned with the request? 4xx? 5xx? >> >> >>> This request don't arrive my servelt / filter codes. >> Please include your servlet mapping from web.xml. >> >> >> Dan >> >> >>> How to fix it? >>> >>> Regards, >>> Ferenc >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail:users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail:users-h...@tomcat.apache.org >>> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail:users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail:users-h...@tomcat.apache.org >> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
