Invalid character found in the request target. The valid characters are defined in RFC 3986
問題描述
請求參數含有特殊字符時後臺報這個錯誤:java
信息: Error parsing HTTP request header Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level. java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986 at org.apache.coyote.http11.InternalAprInputBuffer.parseRequestLine(InternalAprInputBuffer.java:235) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1000) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2517) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2506) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745)
查了資料緣由是 Tomcat在 7.0.73, 8.0.39, 8.5.7 版本後,添加了對於http頭的驗證。apache
安全定義
安全字符tomcat
- 英文字母 : a-zA-Z
- 數字 : 0-9
- 特殊字符 : -_.~
- 保留字符 : !*'();:@&=+$,/?#[]
不安全字符安全
- 空格 : Url在傳輸的過程,或者用戶在排版的過程,或者文本處理程序在處理Url的過程,都有可能引入可有可無的空格,或者將那些有意義的空格給去掉
- "(雙引號) 以及 <>(尖括號) : 引號和尖括號一般用於在普通文本中起到分隔Url的做用
- # : 一般用於表示書籤或者錨點
- % : 百分號自己用做 對 不安全字符進行轉碼 的特殊字符 , 因此必需要轉碼
- {}|^[]`~ : 某一些網關或者傳輸代理會篡改這些字符
- 中文 : 中文做爲一個特殊編碼 , 對tomcat來講 ,也是不識別的.因此必須轉碼
org.apache.tomcat.util.http.parser.HttpParser#IS_NOT_REQUEST_TARGET[] 中定義了一堆not request targetapp
if(IS_CONTROL[i] || i > 127 || i == 32 || i == 34 || i == 35 || i == 60 || i == 62 || i == 92 || i == 94 || i == 96 || i == 123 || i == 124 || i == 125) {
IS_NOT_REQUEST_TARGET[i] = true;
}
- 鍵盤上那些控制鍵:(<32或者=127)
- 非英文字符(>127)
- 空格(32)
- 雙引號(34)
- #(35)
- <(60)
- >(62)
- 反斜槓(92)
- ^(94)
- ` : TAB上面那個鍵(96)
- {(123)
- }(124)
- |(125)
三種解決方案
方案一:post
更換低版本的Tomcat來規避這種問題。編碼
使用 7.0.73 以前的版本url
方案二:.net
在conf/catalina.properties中最後添加一行:代理
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
或者,把要安全使用的放到配置後面
tomcat.util.http.parser.HttpParser.requestTargetAllow=|{}
方案三:
- get 請求,參數轉碼
- post請求,放到body中
參數轉碼
encodeURI("http://localhost:8080/app/handleResponse?msg=name|id|")
> http://localhost:8080/app/handleResponse?msg=name%7Cid%7C
我的問題
升級Tomcat到8.5 後 , 出現這個問題. 經查證, 是Request url 中 , 出現了中文.
將參數encode後,問題解決!
參考
[異常:Invalid character found in the request target. The valid characters are defined in RFC 3986 : 做者:碼上筆記]https://blog.csdn.net/ak57193856/article/details/77892749
相關文章
- 1. springboot Invalid character found in the request target. The valid characters are defined in RFC 72...
- 2. Invalid character... request target. The valid characters are defined in RFC 7230 and RFC 3986
- 3. Tomcat 8 Invalid character found in the request target. The valid characters are defined in RFC 3986
- 4. 異常:Invalid character found in the request target. The valid characters are defined in RFC 3986
- 5. 解決Tomcat報Invalid character found in the request target. The valid characters are defined in RFC 3986
- 6. Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC
- 7. invalid character found in the request target the valid characters are defined in rfc 7230 and rfc
- 8. The valid characters are defined in RFC 7230and RFC 3986
- 9. 解決Invalid character found in the request target. The valid characters are defined in RFC 7230 and RF
- 10. 項目報錯:Invalid character found in the request target. The valid characters are defined in RFC 7230 and
- 更多相關文章...
- • SQL IN 操作符 - SQL 教程
- • Swift for-in 循環 - Swift 教程
- • 爲了進字節跳動,我精選了29道Java經典算法題,帶詳細講解
- • Kotlin學習(一)基本語法
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. springboot Invalid character found in the request target. The valid characters are defined in RFC 72...
- 2. Invalid character... request target. The valid characters are defined in RFC 7230 and RFC 3986
- 3. Tomcat 8 Invalid character found in the request target. The valid characters are defined in RFC 3986
- 4. 異常:Invalid character found in the request target. The valid characters are defined in RFC 3986
- 5. 解決Tomcat報Invalid character found in the request target. The valid characters are defined in RFC 3986
- 6. Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC
- 7. invalid character found in the request target the valid characters are defined in rfc 7230 and rfc
- 8. The valid characters are defined in RFC 7230and RFC 3986
- 9. 解決Invalid character found in the request target. The valid characters are defined in RFC 7230 and RF
- 10. 項目報錯:Invalid character found in the request target. The valid characters are defined in RFC 7230 and