I'm getting a ton of errors in production for
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL was not normalized.
Supposedly this is caused by a // in my urls, but I have no idea where they are coming from. How can I tell what url is causing this? Hard to fix when you don't know what's going on.
I do realize that there is a related question, but that doesn't address how to diagnose the problem URLs. It only addresses how to turn off the strict firewall.
Sorry for not posting this as a comment, but I can't do that yet.
Have you tried another logging level and logging to a file? I am not home right now, but if not try these lines:
logging.level.=ERROR
logging.file=/home/spring.log
Maybe also try DEBUG as logging level
Otherwise (although a bit hacky) try to just replace every // with a /
As a third option I found this script, you might get it to work.
@ExceptionHandler(RequestRejectedException.class)
@ResponseStatus(HttpStatus.BAD_REQUEST)
public String handleRequestRejectedException(final HttpServletRequest request, final RequestRejectedException ex)
{
    if (LOGGER.isLoggable(Level.INFO))
    {
        LOGGER.log(Level.INFO, "Request Rejected", ex);
    }
    LOGGER.log(Level.WARNING, "Rejected request for [" + request.getRequestURL().toString() + "]. Reason: " + ex.getMessage());
    return "errorPage";
}
Good luck, if you don't succeed I will be back tomorrow.
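An added example, not part of the original answer: a servlet filter that runs ahead of the Spring Security filter chain, catches the RequestRejectedException and logs the raw URI together with the Referer and User-Agent, so the source of the // URLs can be identified. The class name is hypothetical; it assumes Spring Boot registers Filter beans automatically, the javax.servlet API (use jakarta.servlet on Spring Boot 3), and that the exception propagates out of the security chain as in the question.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.web.firewall.RequestRejectedException;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;

// Hypothetical filter; HIGHEST_PRECEDENCE places it before the Spring Security chain.
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class RejectedRequestLoggingFilter extends GenericFilterBean {

    private static final Logger LOG = LoggerFactory.getLogger(RejectedRequestLoggingFilter.class);

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        try {
            chain.doFilter(req, res);
        } catch (RequestRejectedException ex) {
            // The firewall threw before wrapping the request, so this is the raw URI as received.
            HttpServletRequest request = (HttpServletRequest) req;
            LOG.warn("Rejected request: method={} uri=[{}] query=[{}] referer=[{}] userAgent=[{}] remote={} reason={}",
                    request.getMethod(),
                    clean(request.getRequestURI()),
                    clean(request.getQueryString()),
                    clean(request.getHeader("Referer")),
                    clean(request.getHeader("User-Agent")),
                    request.getRemoteAddr(),
                    ex.getMessage());
            // Keep rejecting the request; only the diagnostics change.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
        }
    }

    // Client-controlled values: replace control characters (CR/LF included) and cap the length
    // so a crafted URL or header cannot forge or flood log lines.
    private static String clean(String value) {
        if (value == null) return "-";
        String s = value.replaceAll("\\p{Cntrl}", "_");
        return s.length() > 512 ? s.substring(0, 512) + "..." : s;
    }
}
```

The strict firewall stays enabled; grouping the logged Referer and User-Agent values usually shows whether the // comes from the application's own generated links or from external clients.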