Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

Tomcat的coyote-connector解析到请求中包含了不合法的字符,比如  { }  ( )  ^ ` \  | #  \\

这是典型的400错误,不合法的请求,根据RFC (Request Format Comment)文档的规定,以上字符不能被用在Request Header,也就是request的URI中。

我遇到这个问题是两个tomcat应用之间通讯时发送了一个请求,这个请求包含片段.*\.(css|js|jpg|jpeg|png|gif|ico|woff)$,

很显然,这个请求中包含 \ ( | 这三个不合法的字符;转义是不能解决问题的;因为tomcat会对请求中每个字符都进行检查;

我的解决办法就是 将 .*\.(css|js|jpg|jpeg|png|gif|ico|woff)$ 换成 .*tpl$,.*css$,.*js$,.*jpg$,.*jpeg$,.*bmp$,.*png$,.*gif$,.*ico$,.*woff$

查看tomcat源码

apache-tomcat-7.0.73-src\java\org\apache\coyote\http11\InternalInputBuffer.java

public class InternalInputBuffer extends AbstractInputBuffer<Socket> {

   ....省略

    /**

     * Read the request line. This function is meant to be used during the

     * HTTP request header parsing. Do NOT attempt to read the request body

     * using it.

     *

     * @throws IOException If an exception occurs during the underlying socket

     * read operations, or if the given buffer is not big enough to accommodate

     * the whole line.

     */

    @Override

    public boolean parseRequestLine(boolean useAvailableDataOnly)

        throws IOException {

    ...省略

        //

        // Reading the URI

        //

        boolean eol = false;

        while (!space) {

            // Read new bytes if needed

            if (pos >= lastValid) {

                if (!fill())

                    throw new EOFException(sm.getString("iib.eof.error"));

            }

            // Spec says single SP but it also says be tolerant of HT

            if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) {

                space = true;

                end = pos;

            }else if (HttpParser.isNotRequestTarget(buf[pos])) {  
        //如果请求参数中的字符不是被允许的字符,则抛异常  HttpParser这个类 看下面代码片

                throw new IllegalArgumentException(sm.getString("iib.invalidRequestTarget"));

            }

            pos++;

        }

    ... 省略

        return true;

    }

}

apache-tomcat-7.0.73-src\java\org\apache\tomcat\util\http\parser\HttpParser.java

private static final int ARRAY_SIZE = 128;
private static final boolean[] IS_NOT_REQUEST_TARGET = new boolean[ARRAY_SIZE];
static {

        // Digest field types.for (int i = 0; i < ARRAY_SIZE; i++) {

            // Control> 0-31, 127

            if (i < 32 || i == 127) {

                IS_CONTROL[i] = true;

            }// Not valid for request target.

            // Combination of multiple rules from RFC7230 and RFC 3986. Must be

            // ASCII, no controls plus a few additional characters excluded

       // 不合法的字符在这里都会导致请求不合法而抛异常 请求失败

            if (IS_CONTROL[i] || i > 127 ||

                    i == ' ' || i == '\"' || i == '#' || i == '<' || i == '>' || i == '\\' ||

                    i == '^' || i == '`'  || i == '{' || i == '|' || i == '}') {

                IS_NOT_REQUEST_TARGET[i] = true;

            }

        }

    }

HTTP协议只是一个OSI应用层通讯的标准,在tomcat源码中对HTTP进行了实现,可能在一些Tomcat版本中没有实现对请求字符的限制,可以预见,在Tomcat7.0.64之后的版本以及 Tomcat8、9都会对请求头的字符进行限制。

Tomcat : Invalid character found in the request target的更多相关文章

  1. tomcat Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

      1.情景展示 tomcat 日志时不时会报出如下异常信息,到底是怎么回事? java.lang.IllegalArgumentException: Invalid character found ...

  2. 【Tomcat】Invalid character found in the request target

    Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC ...

  3. Tomcat v7.0 java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

    十二月 , :: 下午 org.apache.coyote.http11.AbstractHttp11Processor process 信息: Error parsing HTTP request ...

  4. Tomcat报错Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

    问题描述:后台报错 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.java ...

  5. Tomcat 8 Invalid character found in the request target. The valid characters are defined in RFC 3986

    终极解决方案: Invalid character found in the request target. The valid characters are defined in RFC 3986 ...

  6. Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC

    解决Invalid character found in the request target. The valid characters are defined in RFC 7230 and RF ...

  7. Invalid character found in the request target.

    背景:springboot项目内置tomcat9.0 调用的接口中有{}就会报错 解决办法: 新的tomcat新版本增加了一个新特性,就是严格按照 RFC 3986规范进行访问解析,而 RFC 398 ...

  8. 后台报错java.lang.IllegalArgumentException: Invalid character found in the request target.

    报错: Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level. java.lang ...

  9. 解决springboot项目请求出现非法字符问题 java.lang.IllegalArgumentException:Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

    springboot版本: 2.1.5 最近使用springboot搭建了一个App后台服务的项目,开发接口的时候在本机使用postman工具做请求测试,请求返回一直很正常,但是在前端开发使用h5请求 ...

随机推荐

  1. 12.GIT多人协作

    当你从远程仓库克隆时,实际上Git自动把本地的master分支和远程的master分支对应起来了,并且,远程仓库的默认名称是origin. 查看远程库的信息 $ git remote origin $ ...

  2. oracle(十二)redo 与 undo

    1.undo:回滚未提交的事务.未提交前,内存不够用时,DBWR将脏数据写入数据文件中,以腾出内存空间. 这就是undo存在的原因. redo:恢复所有已提交的事务 2.实例失败(如主机掉电)可能出现 ...

  3. Keras-在预训练好网络模型上进行fine-tune

    在深度学习的学习过程中,可能会用到一些已经训练好的模型,比如Alex Net,google Net,VGG,Resnet等,那我们怎样对这些训练好的模型进行fine-tune来提高准确率呢? 参考文章 ...

  4. 解决下载ftp文件过程中,浏览器直接解析文件(txt,png等)的问题

    搭建了一个ftp服务器,供用户进行上传下载,在下载过程中发现,一些文件,例如txt,jpg,png,pdf等直接被浏览器解析了.在浏览器中显示其内容,没有下载. 下面通过网上查询得到一些解决方法: 最 ...

  5. java构建树用的Node

    package org.ccnt.med.body; import java.util.ArrayList; import java.util.List; public class Node { // ...

  6. C#判断用户是手机访问还是PC访问

    今天在做一个wap网站时,需要限制PC用户访问.网上找了很多资料,效果都不怎么理想.其实原理就是根据HTTP_USER_AGENT判断检查用户在用什么浏览器,再根据业务做相应的逻辑处理. 代码如下: ...

  7. js动态移动滚动条至底部示例

    使用js动态移动滚动条至底部. var currentPosition,timer;  function GoBottom(){  timer=setInterval("runToBotto ...

  8. Scrapy:学习笔记(1)——XPath

    Scrapy:学习笔记(1)——XPath 1.快速开始 XPath是一种可以快速在HTML文档中选择并抽取元素.属性和文本的方法. 在Chrome,打开开发者工具,可以使用$x工具函数来使用XPat ...

  9. hdu1700 Points on Cycle

    地址:http://acm.split.hdu.edu.cn/showproblem.php?pid=1700 题目: Points on Cycle Time Limit: 1000/1000 MS ...

  10. IntelliJ idea的初次使用

    1. 首次使用Idea工具,需要安装.我安装的版本是14.0.2.安装包下载地址 http://pan.baidu.com/s/1gfFkrzt 2. 安装SVN. 3.配置JDK. 4.配置mave ...