Bug 64483 - AJP connector allowedRequestAttributesPattern failures not logged
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 9
Classification: Unclassified
Component: Connectors
Version: unspecified
Hardware: PC All
Importance: P2 enhancement
Target Milestone: -----
Assignee: Tomcat Developers Mailing List
Reported: 2020-05-31 08:35 UTC by Stephen Booth
Modified: 2020-06-02 10:38 UTC

Description Stephen Booth 2020-05-31 08:35:00 UTC
If a request fails the allowedRequestAttributesPattern check, a 403 is returned for the request, but nothing is visible in the default logging.

This check should only fail as a result of server misconfiguration or malicious action. Both cases would benefit from something in the server logs, even if only to help people find the right part of the documentation to look at.
Comment 1 Mark Thomas 2020-06-02 09:44:22 UTC
Fair point. I'll take a look.
Comment 2 Mark Thomas 2020-06-02 10:38:35 UTC
Fixed in:
- master for 10.0.0-M6 onwards
- 9.0.x for 9.0.36 onwards
- 8.5.x for 8.5.56 onwards
- 7.0.x for 7.0.105 onwards