Return 400 status for invalid URI #25291
Labels
in:Web Components
release bug
This bug is present in a released version of Open Liberty
release:23009
team:Sirius
Projects
Milestone
Describe the bug
com.ibm.ws.webcontainer.set400SCOnTooManyParentDirs="true" does not have an effect. Default value is false.
Also need a shortname for it in Liberty
Steps to Reproduce
When a request URI has too many traverse path characters (i.e /contextRoot/../../../../../index.jsp ), the request is rejected with a 500 status code. It should have rejected with a 400 (Bad Request).
Expected behavior
After set com.ibm.ws.webcontainer.set400SCOnTooManyParentDirs="true", request with too many path traversal character (i.e /../../ ) should be returned with 400 Bad Request.
Diagnostic information:
Additional context
Note: Servlet-6.0+ returns 400 Bad Request without any additional property.
The text was updated successfully, but these errors were encountered: