Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

Tomcat接收到的请求的URI中包含了不合法的字符,比如  { }  ( )  ^ ` \  | #  \\ 这些字符在RFC (Request Format Comment)文档中有规定,不能被用在Request Header,也就是request的URI中。

查看tomcat源码

apache-tomcat-7.0.73-src\java\org\apache\coyote\http11\InternalInputBuffer.java

public class InternalInputBuffer extends AbstractInputBuffer<Socket> {
   ....省略
    /**
     * Read the request line. This function is meant to be used during the
     * HTTP request header parsing. Do NOT attempt to read the request body
     * using it.
     *
     * @throws IOException If an exception occurs during the underlying socket
     * read operations, or if the given buffer is not big enough to accommodate
     * the whole line.
     */
    @Override
    public boolean parseRequestLine(boolean useAvailableDataOnly)
        throws IOException {
    ...省略
        //
        // Reading the URI
        //
        boolean eol = false;
        while (!space) {
            // Read new bytes if needed
            if (pos >= lastValid) {
                if (!fill())
                    throw new EOFException(sm.getString("iib.eof.error"));
            }
            // Spec says single SP but it also says be tolerant of HT
            if (buf[pos] == Constants.SP || buf[pos] == Constants.HT) {
                space = true;
                end = pos;
            }else if (HttpParser.isNotRequestTarget(buf[pos])) {  
        //如果请求参数中的字符不是被允许的字符,则抛异常  HttpParser这个类 看下面代码片
                throw new IllegalArgumentException(sm.getString("iib.invalidRequestTarget"));
            }
            pos++;
        }
    ... 省略
        return true;
    }
}

apache-tomcat-7.0.73-src\java\org\apache\tomcat\util\http\parser\HttpParser.java

private static final int ARRAY_SIZE = 128;
private static final boolean[] IS_NOT_REQUEST_TARGET = new boolean[ARRAY_SIZE];
static {
        // Digest field types.for (int i = 0; i < ARRAY_SIZE; i++) {
            // Control> 0-31, 127
            if (i < 32 || i == 127) {
                IS_CONTROL[i] = true;
            }// Not valid for request target.
            // Combination of multiple rules from RFC7230 and RFC 3986. Must be
            // ASCII, no controls plus a few additional characters excluded
       // 不合法的字符在这里都会导致请求不合法而抛异常 请求失败
            if (IS_CONTROL[i] || i > 127 ||
                    i == ' ' || i == '\"' || i == '#' || i == '<' || i == '>' || i == '\\' ||
                    i == '^' || i == '`'  || i == '{' || i == '|' || i == '}') {
                IS_NOT_REQUEST_TARGET[i] = true;
            }
        }
    }

HTTP协议说到底只是一个OSI应用层通讯的标准,在tomcat源码中对HTTP进行了实现,可能在一些Tomcat版本中没有实现对请求字符的限制,可以预见,在Tomcat7.0.64之后的版本以及 Tomcat8、9都会对请求头的字符进行限制。

【Tomcat】Invalid character found in the request target的更多相关文章

  1. Tomcat 8 Invalid character found in the request target. The valid characters are defined in RFC 3986

    终极解决方案: Invalid character found in the request target. The valid characters are defined in RFC 3986 ...

  2. Tomcat v7.0 java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

    十二月 , :: 下午 org.apache.coyote.http11.AbstractHttp11Processor process 信息: Error parsing HTTP request ...

  3. Tomcat : Invalid character found in the request target

    Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC ...

  4. tomcat Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

      1.情景展示 tomcat 日志时不时会报出如下异常信息,到底是怎么回事? java.lang.IllegalArgumentException: Invalid character found ...

  5. Tomcat报错Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

    问题描述:后台报错 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.java ...

  6. Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC

    解决Invalid character found in the request target. The valid characters are defined in RFC 7230 and RF ...

  7. Invalid character found in the request target.

    背景:springboot项目内置tomcat9.0 调用的接口中有{}就会报错 解决办法: 新的tomcat新版本增加了一个新特性,就是严格按照 RFC 3986规范进行访问解析,而 RFC 398 ...

  8. 后台报错java.lang.IllegalArgumentException: Invalid character found in the request target.

    报错: Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level. java.lang ...

  9. 解决springboot项目请求出现非法字符问题 java.lang.IllegalArgumentException:Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

    springboot版本: 2.1.5 最近使用springboot搭建了一个App后台服务的项目,开发接口的时候在本机使用postman工具做请求测试,请求返回一直很正常,但是在前端开发使用h5请求 ...

随机推荐

  1. multipath多路径实验01-构建iscsi模拟环境

    multipath多路径实验01-构建iscsi模拟环境 前几天跟同事网上闲聊技术,吐槽之前自己没有配置过多路径的经历,虽然多路径的配置过程很简单,职责划分也应是主机或存储工程师来搞定,DBA只需要直 ...

  2. select默认选中项颜色为灰色,选择后变为黑色(js实现)

    <script> var unSelected = "#999"; var selected = "#333"; $(function () { $ ...

  3. 迭代器 Iterator

    迭代器 Iterator 2016-5-7 可以这样说,迭代器统一了对容器的访问方式. 考虑这样的情景:原本是对着List编码,但是后来发现需要把相同的代码用于Set.我们需要一种不关心容器类型 而能 ...

  4. 前端十万个为什么(之一):我们为什么需要npm?

    p.p1 { margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px ".PingFang SC"; color: #454545 } span ...

  5. C#导入导出Excele数据

    注:对于实体类对象最好新建一个并且继承原有实体类,这样可以将类型进行修改: 方法一:此种方法是用EPPLUS中的FileInfo流进行读取的(是不是流我还真不太了解,若有懂得请留言,非常感谢了) us ...

  6. Angular4.0从入门到实战打造在线竞拍网站学习笔记之四--数据绑定&管道

    Angular4.0基础知识之组件 Angular4.0基础知识之路由 Angular4.0依赖注入 数据绑定 数据绑定允许你将组件控制器的属性和方法与组件的模板连接起来,大大降低了开发时的编码量. ...

  7. JAVA基础2----数据类型和运算符

    Java数据类型 1.基本数据类型 整数:byte/short/int/long byte:-128~127 (1个字节) short:-2^15~2^15-1 (2个字节) int(默认类型):-2 ...

  8. Redux源码分析之compose

    Redux源码分析之基本概念 Redux源码分析之createStore Redux源码分析之bindActionCreators Redux源码分析之combineReducers Redux源码分 ...

  9. Python用Pillow(PIL)进行简单的图像操作

    Python用Pillow(PIL)进行简单的图像操作 颜色与RGBA值 计算机通常将图像表示为RGB值,或者再加上alpha值(通透度,透明度),称为RGBA值.在Pillow中,RGBA的值表示为 ...

  10. 看完给跪了:技术大牛总结的Github与华为软件开发云完整对比

    华为软件开发云配置管理 服务和Github是国内外比较有代表性的代码托管平台,它们以git作为版本管理工具,使项目中身处各地的人员可以协同工作,主要操作涉及仓库.分支.提交.pull request等 ...