https://bz.apache.org/bugzilla/show_bug.cgi?id=60594
--- Comment #20 from Mark Thomas <ma...@apache.org> --- (In reply to Lulseged Zerfu from comment #19) > Hi > > We have found that we have problems with some characters that are not > allowed in request URI and would like to know if any filter or valve can be > applied to encode until clients get updated instead of responding with 400 > Bad Request. No. The invalid request is rejected long before the execution reaches a Valve or Filter. As described above, Tomcat 8.5.x and earlier have a configuration option to allow '{', '}' and '|'. If you want to add other characters to the possible whitelist values, you need to make a case for them. > We have millions of clients (both android and ios) that needs to follow the > RFC but it will take time but until then there must be some work around that > can be used. Running Tomcat behind a more lenient reverse proxy that encodes the invalid characters before the request is passed to Tomcat is another solution. You should be aware that generally, and for the same reasons Tomcat tightened request target parsing, other web servers will head in the same direction as Tomcat over time and start rejecting these requests. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org