Dear Dan,
Thanks for your suggestion.
I tried it, but it didn't work for me (Tomcat started with parameter:
-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true).
In my tomcat log:
127.0.0.1 - - [09/May/2013:15:34:54 +0200] "GET
/angol-magyar-szotar/w%5C HTTP/1.1" 400 -
Regards,
Ferenc
> Dear Dan,
>
> Thank for your reply.
>
> 1. This site is a dictionary:
> - Windows users often enter a "\" in place of "/"
> - Rarely there are "\" in the phrases
I think what you're looking for is this...
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
https://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Security
<https://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Security>
If you set it to true, it should allow '%2F' and '%5C' in your URL.
This has security implications though. Please read the following link
for CVE-2007-0450.
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.10
<https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.10>
Dan
On May 8, 2013, at 9:09 AM, Lutischán Ferenc wrote:
> Dear Dan,
>
> Thank for your reply.
>
> 1. This site is a dictionary:
> - Windows users often enter a "\" in place of "/"
> - Rarely there are "\" in the phrases
I think what you're looking for is this...
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
https://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Security
<https://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Security>
If you set it to true, it should allow '%2F' and '%5C' in your URL.
This has security implications though. Please read the following link
for CVE-2007-0450.
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.10
<https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.10>
Dan
On May 8, 2013, at 8:46 AM, Lutischán Ferenc wrote:
Dear Users,
Tomcat 7.0.39.
I have problem with the following url in firefox 20:
http://dictzone.com/english-german-dictionary/a\ (it resulted in
thehttp://dictzone.com/english-german-dictionary/a%5C request).
Why do you have a "\" on the end of the URL? Is that intentional? Does it
work if you remove it?
It results is an emtpy page.
What is the HTTP Status code being returned with the request? 4xx? 5xx?
This request don't arrive my servelt / filter codes.
Please include your servlet mapping from web.xml.
Dan
How to fix it?
Regards,
Ferenc
---------------------------------------------------------------------
To unsubscribe, e-mail:users-unsubscr...@tomcat.apache.org
For additional commands, e-mail:users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail:users-unsubscr...@tomcat.apache.org
For additional commands, e-mail:users-h...@tomcat.apache.org