我在生产中收到大量错误
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL was not normalized.
据推测,这是由我的网址中的a引起的,但我不知道它们来自哪里。我如何知道是什么网址导致了这种情况?当您不知道发生了什么时,很难修复。//
我确实意识到有一个相关的问题,但这并不能解决如何诊断问题URL。它仅解决如何关闭严格防火墙的问题。
很抱歉没有将此作为评论发布,但我还不能这样做。
您是否尝试过其他日志记录级别并记录到文件?我现在不在家,但如果没有,请尝试以下几行:
logging.level.=ERROR
logging.file=/home/spring.log
也许还可以尝试将 DEBUG 作为日志记录级别
Otherwhys(虽然有点笨拙)试图用一个替换每个///
作为第三个选项,我找到了这个脚本,你可能会让它工作。
@ExceptionHandler(RequestRejectedException.class)
@ResponseStatus(HttpStatus.BAD_REQUEST)
public String handleRequestRejectedException(final HttpServletRequest request, final RequestRejectedException ex)
{
if (LOGGER.isLoggable(Level.INFO))
{
LOGGER.log(Level.INFO, "Request Rejected", ex);
}
LOGGER.log(Level.WARNING, "Rejected request for [" + request.getRequestURL().toString() + "]. Reason: " + ex.getMessage());
return "errorPage";
}
祝你好运,如果你不成功,我明天会回来的。
HttpFirewall将在甚至的最开始检查请求,然后再调用 中的任何筛选器。因此,您最好的选择是设置a,将其放在前面,用于捕获和记录其详细信息。FilterChainProxySecurityFilterChainFilterFilterChainProxyFilterRequestRejectedException
(1) 实现一个捕获此异常的筛选器:
public class LogFilter implements Filter{
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)throws IOException, ServletException {
try {
chain.doFilter(request, response);
} catch (Exception e) {
if( e instanceof RequestRejectedException ) {
logger.info("Catch RequestRejectedException....");
logger.info((HttpServletRequest)request).getRequestURI()); //log the request detail such as its URI
}
throw e;
}
}
}
(2) 配置并注册过滤器
@Bean
public FilterRegistrationBean someFilterRegistration() {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(new LogFilter());
registration.addUrlPatterns("/*");
registration.setOrder(RegistrationBean.HIGHEST_PRECEDENCE); //Must has higher precedence than FilterChainProxy
return registration;
}
