https://issues.apache.org/bugzilla/show_bug.cgi?id=51132
Summary: Semicolon
Product: Tomcat 7
Version: 7.0.12
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: dev@tomcat.apache.org
ReportedBy: mmsss...@gmail.com
Created an attachment (id=26941)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26941)
nginx and tomcat's access log and some screenshots
sometimes we use the nginx for load balancing. when send a GET request to
http://127.0.0.1/g/..;/examples/
the nginx will not process "..;/" contained in the request URL,and forward the
request to the real http server such as tomcat or resin.
if the url contains semicolon ";" ,resin will show a message like that "The
request contains an illegal URL.".but tomcat will ignore the semicolon,and
response the resource that we requested.
the problem is if nginx has a rule that just forward request URL which start
with /g/ then the URL "/g/../examples/" would not be forwarded to tomcat; but
the URL like this one "/g/..;/examples/" ,nginx will forward the request and
tomcat will treat it as normal URL,then the examples will be accessed.
we don't hope that the tomcat response the resource which is not allowed;
the attachment contains the nginx and tomcat's log and some screenshot;
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
