Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

Tomcat接收到的请求的URI中包含了不合法的字符,比如  { }  ( )  ^ ` \  | #  \\ 这些字符在RFC (Request Format Comment)文档中有规定,不能被用在Request Header,也就是request的URI中。

查看tomcat源码

apache-tomcat-7.0.73-src\java\org\apache\coyote\http11\InternalInputBuffer.java

public class InternalInputBuffer extends AbstractInputBuffer<Socket> {
   ....省略
    /**
     * Read the request line. This function is meant to be used during the
     * HTTP request header parsing. Do NOT attempt to read the request body
     * using it.
     *
     * @throws IOException If an exception occurs during the underlying socket
     * read operations, or if the given buffer is not big enough to accommodate
     * the whole line.
     */
    @Override
    public boolean parseRequestLine(boolean useAvailableDataOnly)
        throws IOException {
    ...省略
        //
        // Reading the URI
        //
        boolean eol = false;
        while (!space) {
            // Read new bytes if needed
            if (pos >= lastValid) {
                if (!fill())
                    throw new EOFException(sm.getString("iib.eof.error"));
            }
            // Spec says single SP but it also says be tolerant of HT
            if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) {
                space = true;
                end = pos;
            }else if (HttpParser.isNotRequestTarget(buf[pos])) {  
        //如果请求参数中的字符不是被允许的字符,则抛异常  HttpParser这个类 看下面代码片
                throw new IllegalArgumentException(sm.getString("iib.invalidRequestTarget"));
            }
            pos++;
        }
    ... 省略
        return true;
    }
}

apache-tomcat-7.0.73-src\java\org\apache\tomcat\util\http\parser\HttpParser.java

private static final int ARRAY_SIZE = 128;
private static final boolean[] IS_NOT_REQUEST_TARGET = new boolean[ARRAY_SIZE];
static {
        // Digest field types.for (int i = 0; i < ARRAY_SIZE; i++) {
            // Control> 0-31, 127
            if (i < 32 || i == 127) {
                IS_CONTROL[i] = true;
            }// Not valid for request target.
            // Combination of multiple rules from RFC7230 and RFC 3986. Must be
            // ASCII, no controls plus a few additional characters excluded
       // 不合法的字符在这里都会导致请求不合法而抛异常 请求失败
            if (IS_CONTROL[i] || i > 127 ||
                    i == ' ' || i == '\"' || i == '#' || i == '<' || i == '>' || i == '\\' ||
                    i == '^' || i == '`'  || i == '{' || i == '|' || i == '}') {
                IS_NOT_REQUEST_TARGET[i] = true;
            }
        }
    }

HTTP协议说到底只是一个OSI应用层通讯的标准,在tomcat源码中对HTTP进行了实现,可能在一些Tomcat版本中没有实现对请求字符的限制,可以预见,在Tomcat7.0.64之后的版本以及 Tomcat8、9都会对请求头的字符进行限制。

【Tomcat】Invalid character found in the request target的更多相关文章

  1. Tomcat 8 Invalid character found in the request target. The valid characters are defined in RFC 3986

    终极解决方案: Invalid character found in the request target. The valid characters are defined in RFC 3986 ...

  2. Tomcat v7.0 java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

    十二月 , :: 下午 org.apache.coyote.http11.AbstractHttp11Processor process 信息: Error parsing HTTP request ...

  3. Tomcat : Invalid character found in the request target

    Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC ...

  4. tomcat Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

      1.情景展示 tomcat 日志时不时会报出如下异常信息,到底是怎么回事? java.lang.IllegalArgumentException: Invalid character found ...

  5. Tomcat报错Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

    问题描述:后台报错 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.java ...

  6. Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC

    解决Invalid character found in the request target. The valid characters are defined in RFC 7230 and RF ...

  7. Invalid character found in the request target.

    背景:springboot项目内置tomcat9.0 调用的接口中有{}就会报错 解决办法: 新的tomcat新版本增加了一个新特性,就是严格按照 RFC 3986规范进行访问解析,而 RFC 398 ...

  8. 后台报错java.lang.IllegalArgumentException: Invalid character found in the request target.

    报错: Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level. java.lang ...

  9. 解决springboot项目请求出现非法字符问题 java.lang.IllegalArgumentException:Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

    springboot版本: 2.1.5 最近使用springboot搭建了一个App后台服务的项目,开发接口的时候在本机使用postman工具做请求测试,请求返回一直很正常,但是在前端开发使用h5请求 ...

随机推荐

  1. static 还是readonly 还是static readonly

    一.   static 多对象共享一段空间,或者说没有对象概念,就是类的概念,不需要实例化,自动被创建.多用于长期共享.不会为对象的创建或销毁而消失. public class C { ) publi ...

  2. Rsync:一个很实用的文件同步命令

    sync是Linux系统下的文件同步和数据传输工具,可用于同步文件.代码发布 1.安装. yum install -y xinetd yum insatll -y rsync 2.配置 打开rsync ...

  3. Linux工具之bc计算器进制的转换

    bc是Linux下的命令行式的计算器. 题目虽然叫任意进制,但是因为bc的限制,输入进制是2~16范围:输出进制是2~999范围.这与常见计算器的进制范围是一致的,比如windows计算器最高也只能处 ...

  4. SpringMVC配置实例

    一.SpringMVC概述 MVCII模式实现的框架技术 Model--业务模型(Biz,Dao...) View--jsp及相关的jquery框架技术(easyui) Contraller--Dis ...

  5. python3之微信文章爬虫

    前提: python3.4 windows 作用:通过搜狗的微信搜索接口http://weixin.sogou.com/来搜索相关微信文章,并将标题及相关链接导入Excel表格中 说明:需xlsxwr ...

  6. 一步一步学Vue(九)

    接上篇,这次是真的接上篇,针对上篇未完成的部分,增加鉴权功能,开始之前,我们先要介绍一个新的知识,路由元数据. 在vue-router中,定义元数据的方式: const router = new Vu ...

  7. Infer 在 Mac 上的安装和环境配置

    Infer 在 Mac 上的安装和环境配置 Infer 介绍 Infer 是一个静态分析工具.Infer 可以分析 Objective-C, Java 或者 C 代码,报告潜在的问题. 任何人都可以使 ...

  8. webpack vue2.0项目脚手架生成的webpack文件

    var path = require('path') var utils = require('./utils') var config = require('../config') var vueL ...

  9. echarts_部分图表配置简介_横向柱状图

    横向柱状图主要配置x位置x轴类型y轴类型(轴的类型分两种 1.category(类别)2.value(值)),代码简单(里面有注释)效果如下: var myChart = echarts.init(d ...

  10. ps-ef|grep-vgrep|grepsep|awk'{print"kill-9"$2}'|sh 这个表达式到底是什么意思啊?

    最佳答案   kill 掉sep这个程序ps -ef | 获取当前服务器所有进程grep -v grep 相当于grep自己吧自己过滤掉,就是不显示grepgrep seq 过滤出seqawk 截取 ...