https://bz.apache.org/bugzilla/show_bug.cgi?id=60594
--- Comment #20 from Mark Thomas <ma...@apache.org> ---
(In reply to Lulseged Zerfu from comment #19)
> Hi
>
> We have found that we have problems with some characters that are not
> allowed in request URI and would like to know if any filter or valve can be
> applied to encode until clients get updated instead of responding with 400
> Bad Request.
No. The invalid request is rejected long before the execution reaches a Valve
or Filter.
As described above, Tomcat 8.5.x and earlier have a configuration option to
allow '{', '}' and '|'. If you want to add other characters to the possible
whitelist values, you need to make a case for them.
> We have millions of clients (both android and ios) that needs to follow the
> RFC but it will take time but until then there must be some work around that
> can be used.
Running Tomcat behind a more lenient reverse proxy that encodes the invalid
characters before the request is passed to Tomcat is another solution. You
should be aware that generally, and for the same reasons Tomcat tightened
request target parsing, other web servers will head in the same direction as
Tomcat over time and start rejecting these requests.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
