Bug 64483 - AJP connector allowedRequestAttributesPattern failures not logged
Summary: AJP connector allowedRequestAttributesPattern failures not logged
Alias: None
Product: Tomcat 9
Classification: Unclassified
Component: Connectors (show other bugs)
Version: unspecified
Hardware: PC All
: P2 enhancement (vote)
Target Milestone: -----
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2020-05-31 08:35 UTC by Stephen Booth
Modified: 2020-06-02 10:38 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Stephen Booth 2020-05-31 08:35:00 UTC
If a request fails the allowedRequestAttributesPattern check a 403 is returned for the request but nothing is visible in the default logging.

This check should only fail as a result of server mis-configuration or malicious action. Both cases would benefit from something in the server logs even if only to help people find the right part of the documentation to look at.
Comment 1 Mark Thomas 2020-06-02 09:44:22 UTC
Fair point. I'll take a look.
Comment 2 Mark Thomas 2020-06-02 10:38:35 UTC
Fixed in:
- master for 10.0.0-M6 onwards
- 9.0.x for 9.0.36 onwards
- 8.5.x for 8.5.56 onwards
- 7.0.x for 7.0.105 onwards