【Spring Boot:[Tomcat] Error parsing HTTP request header】

I. Problem

Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level. 
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
	at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:468)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:260)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1598)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)

Roughly: the request contains an invalid character in the request target.

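II. Analysis
  1. Most endpoints work normally; only http://172.18.8.114:8760/api/authority/enums?ts=1654582788439&codes[]=DataScopeType fails. It contains the special characters "[]", which shows that special characters in the request are the cause.

  2. Where the exception came from: the Spring Boot service had been running normally. Request methods needed to be filtered, and because the service runs on the embedded Tomcat, the following configuration was added for the embedded Tomcat. The error started appearing afterwards, so it must come from the newly added Tomcat configuration.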

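    import org.apache.tomcat.util.descriptor.web.SecurityCollection;
    import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
    import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
    import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    /**
     * Configures the request endpoints of Spring Boot's embedded Tomcat: no endpoint whose URL is under anno/
     * may be accessed with methods such as "HEAD|PUT|DELETE...".
     * @author HFL
     * @date 2022/6/19:40
     */
    @Configuration
    public class TomcatConfiguration {
    
        @Bean
        public ConfigurableServletWebServerFactory configurableServletWebServerFactory(){
            TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();
            factory.addContextCustomizers(context -> {
                SecurityConstraint securityConstraint = new SecurityConstraint();
                // "CONFIDENTIAL" is a transport guarantee: the listed methods on /anno/* must arrive over HTTPS.
                // Under the Servlet spec, rejecting them outright takes an auth constraint that names no roles.
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                // The constraint applies only to this URL pattern and only to the methods added below.
                collection.addPattern("/anno/*");
                collection.addMethod("HEAD");
                collection.addMethod("PUT");
                collection.addMethod("DELETE");
                collection.addMethod("TRACE");
                collection.addMethod("OPTIONS");
                collection.addMethod("PATCH");
                collection.addMethod("COPY");
                collection.addMethod("SEARCH");
                collection.addMethod("PROPFIND");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            });
            return factory;
        }
    
    }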
    
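III. Solution

Searching around turned up three ways to solve this:

  1. Apply encodeURI to the request parameters (untested, not recommended)

    encodeURI(parameter)
    
  2. Downgrade Tomcat, which does not look like a sound approach (untested, not recommended)

  3. Add configuration to Tomcat's TomcatServletWebServerFactory so that requests may contain the special characters "#<>[\]^`{|}" (tested and works, recommended)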

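    import org.apache.catalina.connector.Connector;
    import org.apache.tomcat.util.descriptor.web.SecurityCollection;
    import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
    import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
    import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    /**
     * Configures the request endpoints of Spring Boot's embedded Tomcat:
     * for every endpoint of the project under anno/,
     * access with the "HEAD|PUT|DELETE|TRACE|OPTIONS|PATCH|COPY|SEARCH" request methods is not permitted
     * @author HFL
     * @date 2022/6/19:40
     */
    @Configuration
    public class TomcatConfiguration {
    
        @Bean
        public ConfigurableServletWebServerFactory configurableServletWebServerFactory(){
            TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();
            factory.addContextCustomizers(context -> {
                SecurityConstraint securityConstraint = new SecurityConstraint();
                // "CONFIDENTIAL" is a transport guarantee (HTTPS required) for the methods listed below.
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/anno/*");
                collection.addMethod("HEAD");
                collection.addMethod("PUT");
                collection.addMethod("DELETE");
                collection.addMethod("TRACE");
                collection.addMethod("OPTIONS");
                collection.addMethod("PATCH");
                collection.addMethod("COPY");
                collection.addMethod("SEARCH");
                collection.addMethod("PROPFIND");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            });
            // Allow special characters such as "#<>[\]^`{|}" in the request.
            // Only "[]" was exercised by the failing request; the other characters are untested (see section IV).
            factory.addConnectorCustomizers((Connector connector) -> {
                connector.setProperty("relaxedPathChars","\"#<>[\\]^`{|}");
                connector.setProperty("relaxedQueryChars","\"#<>[\\]^`{|}");
            });
            return factory;
        }
    
    }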
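
Option 1 applied to the failing request from the analysis, as an added JavaScript example that is not part of the original post: it lists the query characters that RFC 3986 requires to be percent-encoded and rebuilds the request target with `encodeURIComponent`. The function names are illustrative, and the check follows the RFC 3986 query grammar rather than Tomcat's own parser.

```javascript
// Characters RFC 3986 allows literally in a query component:
// unreserved / sub-delims / ":" / "@" / "/" / "?" ("%" is handled separately).
const QUERY_LITERAL = /^[A-Za-z0-9\-._~!$&'()*+,;=:@\/?]$/;

// Return every character after the first "?" of a request target
// that is not allowed unencoded, with its offset inside the query.
function findInvalidQueryChars(target) {
  const q = target.indexOf("?");
  if (q === -1) return [];
  const query = target.slice(q + 1);
  const bad = [];
  for (let i = 0; i < query.length; i++) {
    const ch = query[i];
    if (ch === "%") {
      // "%" is only valid as the start of a %XX escape.
      if (/^[0-9A-Fa-f]{2}$/.test(query.slice(i + 1, i + 3))) {
        i += 2;
        continue;
      }
      bad.push({ index: i, char: ch });
    } else if (!QUERY_LITERAL.test(ch)) {
      bad.push({ index: i, char: ch });
    }
  }
  return bad;
}

// Build a request target with every parameter name and value percent-encoded.
function buildTarget(path, params) {
  const pairs = params.map(
    ([name, value]) => `${encodeURIComponent(name)}=${encodeURIComponent(value)}`
  );
  return pairs.length ? `${path}?${pairs.join("&")}` : path;
}

// Request target of the failing URL quoted in the analysis (host omitted).
const failingTarget = "/api/authority/enums?ts=1654582788439&codes[]=DataScopeType";
const encodedTarget = buildTarget("/api/authority/enums", [
  ["ts", "1654582788439"],
  ["codes[]", "DataScopeType"],
]);

console.log(findInvalidQueryChars(failingTarget)); // the "[" and "]" of codes[]
console.log(encodedTarget);
console.log(findInvalidQueryChars(encodedTarget)); // nothing left to encode
```

The servlet container percent-decodes parameter names when it parses the query, so the server still sees the parameter as `codes[]`.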
    
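IV. Notes
  1. The ContextCustomizers configuration was added to deal with a low-risk WebDAV vulnerability reported against the request endpoints. If the only problem is the Error parsing HTTP request header error, there is no need to configure ContextCustomizers; configure the special characters only, as shown below.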

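    import org.apache.catalina.connector.Connector;
    import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
    import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    /**
     * Allows the request to contain special characters such as #<>[\]^`{|}
     * @author HFL
     * @date 2022/6/19:40
     */
    @Configuration
    public class TomcatConfiguration {
    
        @Bean
        public ConfigurableServletWebServerFactory configurableServletWebServerFactory(){
            TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();
            // Allow special characters such as "#<>[\]^`{|}" in the request.
            // Only "[]" was exercised by the failing request; see note 2 about the other characters.
            factory.addConnectorCustomizers((Connector connector) -> {
                connector.setProperty("relaxedPathChars","\"#<>[\\]^`{|}");
                connector.setProperty("relaxedQueryChars","\"#<>[\\]^`{|}");
            });
            return factory;
        }
    
    }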
    
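  2. Apart from "[]", I have not tested the other special characters mentioned in this article in detail; please test them yourself before relying on them.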
