We also tried to set the ALLOW_ENCODED_SLASH system property through the "Edit Configuration" dialog in the Elastic Beanstalk console. But, although the property seems to be present, Tomcat still does not allow the use of coded slashes (% 2F).
We believe that the system property ALLOW_ENCODED_SLASH is set correctly, because:
1) We see this property in the java command that starts Tomcat:
/usr/lib/jvm/jre/bin/java -DAWS_ACCESS_KEY_ID= -DAWS_SECRET_KEY= -DJDBC_CONNECTION_STRING= -DPARAM1= -DPARAM2= -DPARAM3= -DPARAM4= -DPARAM5= -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Dhazelcast.native.client=true -Dcom.sun.management.jmxremote -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8765 -XX:MaxPermSize=256m -Xmx1024m -Xms256m -classpath :/usr/share/tomcat7/bin/bootstrap.jar:/usr/share/tomcat7/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat7 -Dcatalina.home=/usr/share/tomcat7 -Djava.awt.headless=true -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat7/temp -Djava.util.logging.config.file=/usr/share/tomcat7/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
2) And since we also get "true" when doing this from our web application:
System.getProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH")
Does anyone know why Tomcat still rejects encoded slashes?
For example, this URL should return JSON saying "Application not found: A / 1":
http:
But instead he says:
The requested URL / v1 / campaign / application / A / 1 / udid / U1 was not found on this server.
This is strange because we tried to use the ALLOW_ENCODED_SLASH property in the local Tomcat and it works fine.
Recently, we have tried another property. This works in both my local Tomcat and AWS:
org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH
I am completely puzzled ...: - /