Allow URIs with Slash and Backslash in Apache Tomcat¶
By default, Apache Tomcat returns an error (400 - Bad Request) if a
client sends a request to a URL that contains the characters %2F
or
%5C
. They are the URL-encoded characters for /
and \
respectively. This characters are forbidden to avoid attackers to work
around the context restrictions of Apache Tomcat.
This affects the Denodo RESTful Web service and the published REST Web
services as you do not have access to databases or views whose name
contains any of these characters. You do not have access either to rows
of views whose primary key value contains any of these characters and
you want to retrieve them with their primary key. E.g.
http://localhost:9090/denodo-restfulws/support/views/customer/1%2F2
)
To disable this protection on the Tomcat embedded in the Denodo Platform, on which these services are deployed, follow these steps:
Open the Denodo Platform Control Center
Click Configure
Click JVM Options
In the Web container box, add the following to the current value (before adding this, leave a space after the last character of the existing value):
-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true
Restart the Virtual DataPort server.
When the variable ALLOW_ENCODED_SLASH
is true
, Tomcat allows
URLs to contain %2F
.
When the variable ALLOW_BACKSLASH
is true
, Tomcat allows URLs to
contain %5C
.