Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Spring "The request was rejected because the URL was not normalized." How to tell what url was used?

I'm getting a ton of errors in production for

org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL was not normalized.

Supposedly this is caused by a // in my urls, but I have no idea where they are coming from. How can I tell what url is causing this? Hard to fix when you don't know what's going on.

I do realize that there is a related question, but that doesn't address how to diagnose the problem URLs. It only addresses how to turn off the strict firewall.

like image 487
CorayThan Avatar asked Feb 02 '19 03:02

CorayThan


1 Answers

Sorry for not posting this as a comment, but I can't do that yet.

Have you tried another logging level and logging to a file? I am not home right now, but if not try these lines:

logging.level.=ERROR
logging.file=/home/spring.log

Maybe also try DEBUG as logging level

Otherwhys (allthough a bit hacky) try to just replace every // with a /

As a third option I found this script, you might get it to work.

@ExceptionHandler(RequestRejectedException.class)
@ResponseStatus(HttpStatus.BAD_REQUEST)
public String handleRequestRejectedException(final HttpServletRequest request, final RequestRejectedException ex)
{
    if (LOGGER.isLoggable(Level.INFO))
    {
        LOGGER.log(Level.INFO, "Request Rejected", ex);
    }

    LOGGER.log(Level.WARNING, "Rejected request for [" + request.getRequestURL().toString() + "]. Reason: " + ex.getMessage());
    return "errorPage";
}

Good luck, if you don't succeed I will be back tomorrow.

like image 87
GutZuFusss Avatar answered Sep 22 '22 04:09

GutZuFusss