admin管理员组文章数量:1608626
Spring boot: Error parsing HTTP request header
一、问题
Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:468)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:260)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860)
at org.apache.tomcat.util.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1598)
at org.apache.tomcat.util.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
大致意思:请求信息中出现了错误。
二、分析
-
一般接口都正常,只有 http://172.18.8.114:8760/api/authority/enums?ts=1654582788439&codes[]=DataScopeType 发生异常,而其中包含了"[]"特殊字符,说明是请求信息中有特殊字符导致的。
-
异常来源,Spring boot服务,一直运行正常,由于需要对请求方法做过滤,基于内置Tomcat运行的,所以对内置的Tomcat的相关配置,而后开始出现此错误,故错误一定出现在,新增的对于Tomcat的配置。
/** * 配置SpringBoot内置的Tomcat的请求接口,url在anno/下的所有接口,均不许使用"HEAD|PUT|DELETE..."等方法访问 * @author HFL * @date 2022/6/19:40 */ @Configuration public class TomcatConfiguration { @Bean public ConfigurableServletWebServerFactory configurableServletWebServerFactory(){ TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory(); factory.addContextCustomizers(context -> { SecurityConstraint securityConstraint = new SecurityConstraint(); securityConstraint.setUserConstraint("CONFIDENTIAL"); SecurityCollection collection = new SecurityCollection(); collection.addPattern("/anno/*"); collection.addMethod("HEAD"); collection.addMethod("PUT"); collection.addMethod("DELETE"); collection.addMethod("TRACE"); collection.addMethod("OPTIONS"); collection.addMethod("PATCH"); collection.addMethod("COPY"); collection.addMethod("SEARCH"); collection.addMethod("PROPFIND"); securityConstraint.addCollection(collection); context.addConstraint(securityConstraint); }); return factory; } }
三、解决
查找资料,找到三种解决方式:
-
将请求参数进行encodeURI处理 (未测试 不推荐)
encodeURL(参数)
-
降低Tomcat版本,看着就不靠谱 (未测试 不推荐)
-
增加Tomcat的TomcatServletWebServerFactory的配置,使其请求可以包含特殊字符”#<>[\]^`{|}“ (测试有效 推荐使用)
/** * 配置SpringBoot内置的Tomcat的请求接口: * 项目请求地址是,anno/下的所有接口, * 均不许使用"HEAD|PUT|DELETE|TRACE|OPTIONS|PATCH|COPY|SEARCH"请求方式访问 * @author HFL * @date 2022/6/19:40 */ @Configuration public class TomcatConfiguration { @Bean public ConfigurableServletWebServerFactory configurableServletWebServerFactory(){ TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory(); factory.addContextCustomizers(context -> { SecurityConstraint securityConstraint = new SecurityConstraint(); securityConstraint.setUserConstraint("CONFIDENTIAL"); SecurityCollection collection = new SecurityCollection(); collection.addPattern("/anno/*"); collection.addMethod("HEAD"); collection.addMethod("PUT"); collection.addMethod("DELETE"); collection.addMethod("TRACE"); collection.addMethod("OPTIONS"); collection.addMethod("PATCH"); collection.addMethod("COPY"); collection.addMethod("SEARCH"); collection.addMethod("PROPFIND"); securityConstraint.addCollection(collection); context.addConstraint(securityConstraint); }); //请求信息中允许包含”#<>[\]^`{|}“等特殊字符 factory.addConnectorCustomizers((Connector connector) -> { connector.setProperty("relaxedPathChars","\"#<>[\\]^`{|}"); connector.setProperty("relaxedQueryChars","\"#<>[\\]^`{|}"); }); return factory; } }
四、注意
-
对于ContextCustomizers的配置,是针对请求接口中出现WebDAV低危漏洞做出的处理,只出现Error parsing HTTP request header此错误,无需对ContextCustomizers进行配置,只配置特殊字符即可,如下配置。
/** * 允许请求信息中允许包含#<>[\]^`{|}等特殊字符 * @author HFL * @date 2022/6/19:40 */ @Configuration public class TomcatConfiguration { @Bean public ConfigurableServletWebServerFactory configurableServletWebServerFactory(){ TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory(); //请求信息中允许包含"#<>[\]^`{|}"等特殊字符 factory.addConnectorCustomizers((Connector connector) -> { connector.setProperty("relaxedPathChars","\"#<>[\\]^`{|}"); connector.setProperty("relaxedQueryChars","\"#<>[\\]^`{|}"); }); return factory; } }
-
文中提到的除"[]"的其他特殊字符本人未做详细测试,使用者请自行测试。
五、参考
1.异常 org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
2.Spring boot 报错 Error parsing HTTP request header
本文标签: TomcatErrorSpringbootrequest
版权声明:本文标题:【Spring Boot:[Tomcat] Error parsing HTTP request header】 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:https://m.elefans.com/dongtai/1728549916a1163298.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论