为什么此URL从Tomcat返回错误400? [英] Why is this URL returning error 400 from Tomcat?

问题描述

我有一台运行Java servlet的Tomcat服务器.我正在尝试制作一个servlet，该servlet会根据已加密的ID返回存储的文件.

I have a Tomcat server running Java servlets. I'm trying to make a servlet that returns stored files, given their encrypted IDs.

ID:100

加密的ID:+ e4/E5cR/aM =

Encrypted ID: +e4/E5cR/aM=

URL编码的ID:％2Be4％2FE5cR％2FaM％3D

URL-encoded ID: %2Be4%2FE5cR%2FaM%3D

结果URL: http://localhost/file/demo/％2Be4％2FE5cR％2FaM％3D

当我尝试访问该链接时，我什至没有进入servlet的代码-服务器返回以下错误:加载资源失败:服务器响应状态为400(错误请求)

When I try to follow that link, I don't even get into my servlet's code - the server returns this error: Failed to load resource: the server responded with a status of 400 (Bad Request)

此URL有什么问题，导致Tomcat在到达我的代码之前拒绝了它?我通过URL编码器运行它，但看不到任何无效字符.

What's wrong with this URL that's making Tomcat reject it before reaching my code? I ran it though a URL-encoder, and I don't see any invalid characters in it.

推荐答案

您在网址中编码了斜杠"/".由于潜在的攻击，Apache不允许使用它们.有允许设置的设置:

You have slash "/" encoded in the url. Apache doesn't allow them due to potential atacks. There is setting to allow them:

System.setProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH", "true");

或

-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true

参见类似的帖子.

这篇关于为什么此URL从Tomcat返回错误400?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！