In the context of a Spring Boot web application, the application log shows a huge stack trace every time a client tries to fetch a URL containing invalid characters (such as ';'):

2022-07-20 09:50:31.104 ERROR 22988 --- [io-8082-exec-10] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception

org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String ";"
        at org.springframework.security.web.firewall.StrictHttpFirewall.rejectedBlocklistedUrls(StrictHttpFirewall.java:456) ~[spring-security-web-5.5.4.jar!/:5.5.4]
        at org.springframework.security.web.firewall.StrictHttpFirewall.getFirewalledRequest(StrictHttpFirewall.java:429) ~[spring-security-web-5.5.4.jar!/:5.5.4]
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:196) ~[spring-security-web-5.5.4.jar!/:5.5.4]
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) ~[spring-security-web-5.5.4.jar!/:5.5.4]

Is there anything I can do to prevent these stack traces from polluting the logs?

geschema
  • Could this answer help you? https://stackoverflow.com/questions/51788764/how-to-intercept-a-requestrejectedexception-in-spring – Ismail Jul 20 '22 at 08:45
  • https://stackoverflow.com/a/61607977/63730 works indeed, thanks. – geschema Jul 28 '22 at 17:21
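
One way to replace the stack trace with a single log line on Spring Security 5.4 or later (the trace above shows 5.5.4) is to register a `RequestRejectedHandler` bean. This is an added example, not code from this page or from the linked answers; the class name `FirewallLoggingConfig`, the helper `sanitize`, the log format and the 200-character limit are assumptions.

```java
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.web.firewall.RequestRejectedHandler;

// Hypothetical configuration class (name chosen for this example).
@Configuration
public class FirewallLoggingConfig {

    private static final Logger log = LoggerFactory.getLogger(FirewallLoggingConfig.class);

    // Assumed limit so one oversized URL cannot bloat the log.
    private static final int MAX_LOGGED_LENGTH = 200;

    // Spring Security picks up a bean of this type and calls it instead of
    // letting RequestRejectedException propagate to the servlet container,
    // which is what produces the ERROR entry with the full stack trace.
    @Bean
    public RequestRejectedHandler requestRejectedHandler() {
        return (request, response, ex) -> {
            // Keep one line per rejection so the event stays visible to monitoring.
            log.warn("Request rejected by firewall: method={} uri={} remote={} reason={}",
                    request.getMethod(),
                    sanitize(request.getRequestURI()),
                    request.getRemoteAddr(),
                    sanitize(ex.getMessage()));
            // Answer with 400 Bad Request instead of the container's 500.
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        };
    }

    // Replace control characters (CR, LF, ...) and truncate, so that
    // client-supplied text cannot forge or flood log entries.
    static String sanitize(String value) {
        if (value == null) {
            return "";
        }
        String cleaned = value.replaceAll("\\p{Cntrl}", "_");
        return cleaned.length() > MAX_LOGGED_LENGTH
                ? cleaned.substring(0, MAX_LOGGED_LENGTH) + "..."
                : cleaned;
    }
}
```

Logging at WARN rather than dropping the event keeps rejected URLs available for detection, since repeated rejections from one address often indicate scanning.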

0 Answers