报错: The request was rejected because the URL contained a potentially malicious String “//“

于 2024-08-16 14:24:43 发布
阅读量5.7k 收藏 5
点赞数 11
分类专栏: SpringSecurity 文章标签: spring java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/BIGMOUTH_2105/article/details/141258140
版权

1. 报错详情:

org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String “//”
服务器后端报错

2. 原因

Spring Security 框架中提供了一个 HttpFirewall,这是一个请求防火墙,它可以自动处理掉一些非法请求,请求地址格式中不能包含;、// 、 % …等字符或编码,必须是标准化 URL。

3. 解决方法

(1)方法一:

请求地址中去掉多余的"/"

(2)方法二

如果希望请求地址中可以出现 %,在SpringSecurity中进行如下配置

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

	/*
	*	支持"//"
	*/
    @Bean
    public HttpFirewall httpFirewall() {
        StrictHttpFirewall firewall = new StrictHttpFirewall();
        firewall.setAllowUrlEncodedDoubleSlash(true);
        return firewall;
    }
}

参考资料:

https://www.cnblogs.com/jishumonkey/p/16053410.html

The request was rejected because the URL contained a potentially malicious String “;“问题的正确解决姿势
m0_67392010的博客
09-12 2195
深知大多数初中级Java工程师,想要提升技能,往往是自己摸索成长或者是报班学习,但对于培训机构动则近万的学费,着实压力不小。自己不成体系的自学效果低效又漫长,而且极易碰到天花板技术停滞不前!因此收集整理了一份《Java开发全套学习资料》送给大家,初衷也很简单,就是希望能够帮助到想自学提升又不知道该从何学起的朋友,同时减轻大家的负担。
the URL contained a potentially malicious String “//“
张子豪的博客
02-21 1088
这个问题是因为前端的请求url后面多加了一个斜杠,把后面的斜杠删了就行,
jar包启动报错The request was rejected because the URL contained a potentially malicious String “%25“
IT小辉同学
08-16 2729
晚安,玛卡巴卡——
【SSM_bugs】The request was rejected because the URL contained a potentially malicious String “//“
m0_46308522的博客
06-06 367
The request was rejected because the URL contained a potentially malicious String "//"
springboot学习(七十一)解决问题:the URL contained a potentially malicious String “;“
文若书生的专栏
03-30 3508
访问某个请求报错: org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String ";" 这是因为使用了SpringSecurity,其中有个防火墙:org.springframework.security.web.firewall.StrictHttpFirewall阻
SpringSecurity:request was rejected because the URL contained a potentially malicious String “//“
Ricardo.M.Yu的博客
03-15 3167
spring security路径问题
项目服务间访问提示The request was rejected because the URL contained a potentially malicious String “//“
喜羊羊love红太狼
01-23 1361
1.开发过程最好是按照规范开发,可以避免诸如此类低级问题。比如项目中前缀是那么controller统一这样的话拼接到一起就不会有双横线问题了2.当然如果允许路径中存在双横线则可以在security中添加配置@Bean//此处可添加别的规则,目前只设置 允许双 //
ngixn 配置websoket代理,后台服务器报错 The request was rejected because the URL contained a potentially malicious String "//"
08-14
在Nginx配置WebSocket代理时,如果遇到后台服务器报"The request was rejected because the URL contained a potentially malicious String `//`"的错误,这通常是因为Nginx在尝试解析URL时检测到了不安全的双斜线...
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String "//"
最新发布
03-14
### Spring Security 中因 URL 包含双斜杠 (`//`) 导致 `RequestRejectedException` 的解决方案 当应用程序使用 Spring Security 并启用了默认的安全配置时,如果请求的 URL 中包含恶意字符串(如双斜杠 `//`),...
The request was rejected because the URL contained a potentially malicious String "//"
07-27
- *3* [The request was rejected because the URL contained a potentially malicious String “%2e](https://blog.csdn.net/qq_42483257/article/details/122426009)[target="_blank" data-report-click={"spm":...
The request was rejected because the URL contained a potentially malicious String “//“
愤怒的苹果ext的博客
02-07 4628
报错详情 org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String “//” at org.springframework.security.web.firewall.StrictHttpFirewall.rejectedBlacklistedUrls(StrictH
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because
u013430054的博客
04-22 1万+
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String "%3B"org.springframework.security.web.firewall.Req...
The request was rejected because the URL contained a potentially malicious String “%2e“
脑神
01-11 4855
日志出现: [http-nio-80-exec-3] ERROR o.a.c.c.C.[.[localhost].[/].[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception org.springframework.security.web.firewall.RequestRejectedException: The request w
The request was rejected because the URL contained a potentially malicious String “//“ 报错
weixin_44635886的博客
08-04 1万+
请求将被拒绝,因为URL字符串包含一个潜在的恶意“/ /” The request was rejected because the URL contained a potentially malicious String “//“
The request was rejected because the URL contained a potentially malicious String ";"报错解决,
热门推荐
zhuyongru的专栏
09-11 2万+
去掉 URL 中讨厌的 jsessionid 在Java开发的网站中,经常会出现在URL中包含有jsessionid,用来记录session。 这是因为如果浏览器不支持cookie,JSP容器通过在URL中包含jsessionid来达到session的效果。 第一次访问的时候服务器不知道客户端有没有禁用cookie,所以会在超链接上加上jsessionid,在session过期以前第二次访问的...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

Zyunhhh

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值