开发者社区> 问答> 正文

tomcat报错Error parsing HTTP request header?报错

tomcat 7.0.75,jdk1.7.0.80,运行中报错Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

信息: Error parsing HTTP request header
 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
 java.lang.IllegalArgumentException: Invalid character found in the request target. The 
 valid characters are defined in RFC 7230 and RFC 3986
	at org.apache.coyote.http11.InternalInputBuffer.parseRequestLine(InternalInputBuffer.
    java:189)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor
    .java:1000)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol
    .java:637)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)

tomcat配置:

<Connector 
   	connectionTimeout="20000" 
   	port="8080" 
   	protocol="HTTP/1.1" 
   	redirectPort="8443"
  	URIEncoding="UTF-8"
/>

 

展开
收起
爱吃鱼的程序员 2020-06-08 16:47:49 984 0
1 条回答
写回答
取消 提交回答
  • https://developer.aliyun.com/profile/5yerqm5bn5yqg?spm=a2c6h.12873639.0.0.6eae304abcjaIB

    据说切换tomcat版本可以解决这个问题。

    我查网上有说tomcat8.0.38之后对请求的参数加了限制,导致json格式的请求参数无法访问,但是我这个7也不行呀,换了项目原来的tomcat确实好的,想知道具体是什么问题,能不能通过配置tomcat解决这个问题。

    大神,我也遇到同样问题,你们是具体怎么解决的?如果改tomcat版本的话,改成具体哪个版本的,在线等!!!!

    https://tomcat.apache.org/security-7.html

    ApacheTomcat7.0.73修复了 CVE-2016-6816,需要把一些字符,像{,},[,]等等进行编码就可以了。

    Important:InformationDisclosureCVE-2016-6816:

    ThecodethatparsedtheHTTPrequestlinepermittedinvalidcharacters.Thiscouldbeexploited,inconjunctionwithaproxythatalsopermittedtheinvalidcharactersbutwithadifferentinterpretation,toinjectdataintotheHTTPresponse.BymanipulatingtheHTTPresponsetheattackercouldpoisonaweb-cache,performanXSSattackand/orobtainsensitiveinformationfromrequestsotherthentheirown.

     

    2020-06-08 16:48:07
    赞同 展开评论 打赏
问答排行榜
最热
最新

相关电子书

更多
阿里巴巴HTTP 2.0实践及无线通信协议的演进之路 立即下载
CDN助力企业网站进入HTTPS时代 立即下载
Apache Tomcat 的云原生演进 立即下载