Spring "The request was rejected because the URL was not normalized." How to tell what url was used?

Question

I'm getting a ton of errors in production for

org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL was not normalized.

Supposedly this is caused by a // in my urls, but I have no idea where they are coming from. How can I tell what url is causing this? Hard to fix when you don't know what's going on.

I do realize that there is a related question, but that doesn't address how to diagnose the problem URLs. It only addresses how to turn off the strict firewall.

Answer 1

Sorry for not posting this as a comment, but I can't do that yet.

Have you tried another logging level and logging to a file? I am not home right now, but if not try these lines:

logging.level.=ERROR
logging.file=/home/spring.log

Maybe also try DEBUG as logging level

Otherwhys (allthough a bit hacky) try to just replace every // with a /

As a third option I found this script, you might get it to work.

@ExceptionHandler(RequestRejectedException.class)
@ResponseStatus(HttpStatus.BAD_REQUEST)
public String handleRequestRejectedException(final HttpServletRequest request, final RequestRejectedException ex)
{
    if (LOGGER.isLoggable(Level.INFO))
    {
        LOGGER.log(Level.INFO, "Request Rejected", ex);
    }

    LOGGER.log(Level.WARNING, "Rejected request for [" + request.getRequestURL().toString() + "]. Reason: " + ex.getMessage());
    return "errorPage";
}

Good luck, if you don't succeed I will be back tomorrow.