Re: Invalid characters in request header

2017-09-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Martynas, On 9/9/17 6:29 AM, Martynas Jusevičius wrote: > Well then you're out of luck. Everything is as expected though, at > least on your end -- client sends invalid request, gets error > response. What else do you need? He's specifically

Re: Invalid characters in request header

2017-09-09 Thread Alex O'Ree
Is there a way too log whatever the offending header was? On Sep 9, 2017 6:30 AM, "Martynas Jusevičius" wrote: > Well then you're out of luck. Everything is as expected though, at least on > your end -- client sends invalid request, gets error response. What else do >

Re: Invalid characters in request header

2017-09-09 Thread Martynas Jusevičius
Well then you're out of luck. Everything is as expected though, at least on your end -- client sends invalid request, gets error response. What else do you need? On Sat, Sep 9, 2017 at 12:13 PM, Yuval Schwartz wrote: > Is that in my control? The url is not one that

Re: Invalid characters in request header

2017-09-09 Thread Yuval Schwartz
Is that in my control? The url is not one that appears on my website, it's something that was manually written by some client. On Sat, Sep 9, 2017 at 1:12 PM, Martynas Jusevičius wrote: > Tomcat is an HTTP sever, and if your client is sending invalid HTTP > requests,

Re: Invalid characters in request header

2017-09-09 Thread Martynas Jusevičius
Tomcat is an HTTP sever, and if your client is sending invalid HTTP requests, Tomcat is right to respond with 400. The solution is to fix the client. On Sat, Sep 9, 2017 at 12:09 PM, Yuval Schwartz wrote: > Hello Martynas, thanks. > > I'm not sure 404 is better than

Re: Invalid characters in request header

2017-09-09 Thread Yuval Schwartz
Hello Martynas, thanks. I'm not sure 404 is better than 400. Wouldn't it be preferable to validate the url before it has a chance to throw the exception? I guess my only reason for preferring this is because I don't want it crowding up my logs. I figure if I can filter it out beforehand then

Re: Invalid characters in request header

2017-09-09 Thread Martynas Jusevičius
How is 404 beter than 400? On Sat, Sep 9, 2017 at 9:46 AM, Yuval Schwartz wrote: > Tomcat version:8.0.43 > jdk1.8.0_05 > > Hello, > > I've asked a similar question in the past about illegal characters in the > http request header (May 15, 2017). > > Certain users are

Invalid characters in request header

2017-09-09 Thread Yuval Schwartz
Tomcat version:8.0.43 jdk1.8.0_05 Hello, I've asked a similar question in the past about illegal characters in the http request header (May 15, 2017). Certain users are able to send http requests to my server that contain the space character. This character is obviously not allowed. Tomcat