2 Replies Latest reply on Mar 26, 2018 9:44 AM by milandesai47

    where to define ALLOW_UNESCAPED_CHARACTERS_IN_URL property to allow characters like {|}`^\><#" in URLs

    milandesai47
    milandesai47 Mar 22, 2018 11:41 AM

      Hi,

      I am using Jboss 7.1 and my application (huge code base) uses special characters like {|}`^\><#"  in URLs. Jboss 6.4 path 17 Redhat resolution to vulnerability that blacklisted those characters in URL, later they gave an option to white list those characters by using -Dtomcat.util.http.parser.HttpParser.requestTargetAllow='{|}`^\><#"' in startup script (standalone.sh). My client upgraded to Jboss 7.1 which uses undertow instead of tomcat.

      Undertow gives same option by boolean ALLOW_UNESCAPED_CHARACTERS_IN_URL under JBEAP-13710  

      code base :: undertow/UndertowOptions.java at master · undertow-io/undertow · GitHub

      For my app I tried this option by adding it as system-property and in startup script but non of them seem to work.

      standalone.xml

      after </extension>

      <system-properties>

      <property name="ALLOW_UNESCAPED_CHARACTERS_IN_URL" value="true"/>

      </system-properties>

       

      standalone.bat

      set "JAVA_OPTS=%JAVA_OPTS% -Dorg.apache.catalina.connector.ALLOW_UNESCAPED_CHARACTERS_IN_URL=TRUE"

       

      please advice.

       

      Thanks in Advance

      • 2050 Views
      • Tags: