Is there a way to log whatever the offending header was?

On Sep 9, 2017 6:30 AM, "Martynas Jusevičius" <marty...@atomgraph.com> wrote:

> Well then you're out of luck. Everything is as expected though, at least on your end -- client sends invalid request, gets error response. What else do you need?
>
> On Sat, Sep 9, 2017 at 12:13 PM, Yuval Schwartz <yuval.schwa...@gmail.com> wrote:
>
> > Is that in my control? The url is not one that appears on my website, it's something that was manually written by some client.
> >
> > On Sat, Sep 9, 2017 at 1:12 PM, Martynas Jusevičius <marty...@atomgraph.com> wrote:
> >
> > > Tomcat is an HTTP server, and if your client is sending invalid HTTP requests, Tomcat is right to respond with 400. The solution is to fix the client.
> > >
> > > On Sat, Sep 9, 2017 at 12:09 PM, Yuval Schwartz <yuval.schwa...@gmail.com> wrote:
> > >
> > > > Hello Martynas, thanks.
> > > >
> > > > I'm not sure 404 is better than 400.
> > > >
> > > > Wouldn't it be preferable to validate the url before it has a chance to throw the exception?
> > > > I guess my only reason for preferring this is because I don't want it crowding up my logs.
> > > > I figure if I can filter it out beforehand then it's not really an exception? But I would be happy to hear thoughts on this as I'm still fairly new to programming. I'm not sure what is considered best practice here.
> > > >
> > > > Thanks.
> > > >
> > > > On Sat, Sep 9, 2017 at 12:24 PM, Martynas Jusevičius <marty...@atomgraph.com> wrote:
> > > >
> > > > > How is 404 better than 400?
> > > > >
> > > > > On Sat, Sep 9, 2017 at 9:46 AM, Yuval Schwartz <yuval.schwa...@gmail.com> wrote:
> > > > >
> > > > > > Tomcat version:8.0.43
> > > > > > jdk1.8.0_05
> > > > > >
> > > > > > Hello,
> > > > > >
> > > > > > I've asked a similar question in the past about illegal characters in the http request header (May 15, 2017).
> > > > > >
> > > > > > Certain users are able to send http requests to my server that contain the space character.
> > > > > > This character is obviously not allowed. Tomcat recognizes it and throws an IllegalArgumentException and a http response code 400 is returned to the client.
> > > > > > From my logs:
> > > > > >
> > > > > > *Error parsing HTTP request header...*
> > > > > > *java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986*
> > > > > >
> > > > > > Is there any way to validate the url before it reaches tomcat so that I can return a 404 if an invalid character is found in the url? I would just like to avoid exceptions being thrown where possible.
> > > > > >
> > > > > > Thank you.
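The thread asks how to tell which part of a rejected request was invalid. As an added example (not code from the thread or from Tomcat), the sketch below takes a raw HTTP/1.x request line, as a front-end proxy or capture in front of Tomcat might record it, and reports each character in the request target that falls outside the RFC 3986 path and query character set. The function names and sample lines are hypothetical, and the check approximates the RFC grammar rather than reproducing Tomcat's own parser.

```python
import re
import string

# Characters RFC 3986 permits in a path or query: pchar plus "/" and "?".
UNRESERVED = string.ascii_letters + string.digits + "-._~"
SUB_DELIMS = "!$&'()*+,;="
ALLOWED = frozenset(UNRESERVED + SUB_DELIMS + ":@/?")
PCT_ENCODED = re.compile(r"%[0-9A-Fa-f]{2}")

# Constructed sample request lines (not taken from the thread's logs).
SAMPLES = ["GET /my page?x=1 HTTP/1.1", "GET /a%20b HTTP/1.1"]


def split_request_line(line):
    """Split 'METHOD target VERSION', tolerating spaces inside the target."""
    line = line.rstrip("\r\n")
    method, _, rest = line.partition(" ")
    target, _, version = rest.rpartition(" ")
    if not method or not target or not version.startswith("HTTP/"):
        raise ValueError("not an HTTP/1.x request line: %r" % line)
    return method, target, version


def offending_chars(target):
    """Return [(index, char)] for each character not valid in the target."""
    bad, i = [], 0
    while i < len(target):
        ch = target[i]
        if ch == "%" and PCT_ENCODED.match(target, i):
            i += 3  # well-formed percent-encoded octet
            continue
        if ch not in ALLOWED:  # also catches a "%" without two hex digits
            bad.append((i, ch))
        i += 1
    return bad


def describe(line):
    """One log-friendly line; %r escapes control bytes so they cannot forge log entries."""
    method, target, _ = split_request_line(line)
    bad = offending_chars(target)
    if not bad:
        return "ok %s %s" % (method, target)
    detail = ", ".join("%r at %d" % (c, i) for i, c in bad)
    return "reject %s %r: %s" % (method, target, detail)


if __name__ == "__main__":
    for sample in SAMPLES:
        print(describe(sample))
```
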