Bug 50734 - 400 Bad Request when there are no web applications deployed on Tomcat 6.0.32
400 Bad Request when there are no web applications deployed on Tomcat 6.0.32
Status: RESOLVED FIXED
Product: Tomcat 6
Classification: Unclassified
Component: Catalina
6.0.32
PC Windows XP
: P2 normal (vote)
: default
Assigned To: Tomcat Developers Mailing List
:
: 51116 (view as bug list)
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2011-02-08 11:14 UTC by Violeta Georgieva
Modified: 2011-09-09 18:45 UTC (History)
2 users (show)



Attachments
400 Bad Request issue - patch proposal (899 bytes, patch)
2011-02-09 04:42 UTC, Violeta Georgieva
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Violeta Georgieva 2011-02-08 11:14:59 UTC
Hi,

I have the following use case:
I have no web applications deployed on Tomcat. 
Nevertheless when I request a web application: http://localhost:8080/testapp
Instead of the expected 404 Not Found I'm receiving 400 Bad Request.

This scenario is tested on 6.0.32 and 7.0.8, it is working as expected on 7.0.8.

While searching the code for both versions, I can see that in 7.0.8 you have the following:

org.apache.catalina.connector.CoyoteAdapter.postParseRequest(Request, Request, Response, Response)
...
            // If there is no context at this point, it is likely no ROOT context
            // has been deployed
            if (request.getContext() == null) {
                res.setStatus(404);
                res.setMessage("Not found");
                // No context, so use host
                request.getHost().logAccess(request, response, 0, true);
                return false;
            }
...

In the 6.0.32 version of the same class there is no such statement. When entering org.apache.catalina.core.StandardEngineValve.invoke(Request, Response)
...
        if (host == null) {
            response.sendError
                (HttpServletResponse.SC_BAD_REQUEST,
                 sm.getString("standardEngine.noHost", 
                              request.getServerName()));
            return;
        }

...

the host is null because the context is null. So 400 Bad Request is returned.

Could you please introduce the check from Tomcat 7.0.8 in Tomcat 6.0.x. I think that 404 Not Found is more appropriate for this use case and not 400 Bad Request. The 400 status code typically is returned in case the request cannot be fulfilled due to bad syntax.

Thanks in advance
Best Regards
Violeta Georgieva
Comment 1 Christopher Schultz 2011-02-08 15:47:58 UTC
For more context:

http://markmail.org/message/3tpkhfqrsblzyiwd

In that thread, Pid offhandedly mentions a suggestion from Tim (maybe?) that a default ROOT context with no content be created if none is already deployed: this would allow standard "not found" pages to be returned, etc.

Violeta, could you be specific about which patch for 7.0.8 you mean?
Comment 2 Violeta Georgieva 2011-02-09 04:42:50 UTC
Created attachment 26626 [details]
400 Bad Request issue - patch proposal

Hi,
Patch is made based on Tomcat 6.0.32 sources.
Regards
Violeta
Comment 3 Mark Thomas 2011-02-11 11:15:18 UTC
Thanks for the patch. I have proposed it for 6.0.x
Comment 4 Mark Thomas 2011-02-15 12:57:48 UTC
The patch has been applied to 6.0.x and will be included in 6.0.33 onwards.

Thanks again.
Comment 5 jfclere 2011-04-26 04:18:43 UTC
*** Bug 51116 has been marked as a duplicate of this bug. ***
Comment 6 Chris 2011-09-09 14:06:05 UTC
This patch has a side effect in my configuration that uses some technical valves that will no longer be called if a context does not exist for the requested URL (for example, my valve was able to report how many requests failed due to invalid context mapping indicating some kind of hacking or misconfiguration going on).

As a workaround, i had to declare a dummy ROOT context (pointing to an empty directory) so that the v

I can understand we want to report a 404 but i consider patch should be plugged where 400 is reported (not so early) to report 404 only if no host is matching.
Comment 7 Konstantin Kolinko 2011-09-09 18:45:42 UTC
(In reply to comment #6)
> This patch has a side effect in my configuration that uses some technical
> valves that will no longer be called if a context does not exist for the
> requested URL (for example, my valve was able to report how many requests
> failed due to invalid context mapping indicating some kind of hacking or
> misconfiguration going on).

1. There is a number of other ways how a request can fail. AccessLogValve support was improved in 6.0.30. You may find all places in the code where access logging is triggered.

Anyway, you do not provide much details, and I do not see why this use case may be of any importance.

If you want to provide more details, open a new issue. This one is fixed.

> 
> As a workaround, i had to declare a dummy ROOT context (pointing to an empty
> directory) so that the v
> 

2. This is a valid workaround. I do not see any problem with it. In essence, any sane Tomcat installation must have a ROOT webapp.

> I can understand we want to report a 404 but i consider patch should be plugged

I do not quite understand your proposal. I'd be better if you could provide a patch to illustrate it.

> where 400 is reported (not so early) to report 404 only if no host is matching.

Re-closing as FIXED.