Issue Details (XML | Word | Printable)

Key: GLASSFISH-18257
Type: Bug Bug
Status: Open Open
Priority: Minor Minor
Assignee: oleksiys
Reporter: benjamin_m
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
glassfish

On URI decode exception the access log is not used

Created: 26/Jan/12 10:28 AM   Updated: 26/Jan/12 12:44 PM
Component/s: grizzly-kernel
Affects Version/s: 3.1_b43
Fix Version/s: None

Time Tracking:
Not Specified

Environment:

Linux x86_64


Tags: grizzly logging
Participants: benjamin_m and oleksiys


 Description  « Hide

When Grizzly throws an "Invalid URI character encoding" exception, the URI is part of the stack trace but the HTTP request info isn't saved on the access log.
This is a problem if the request URI makes it obvious that the requester is trying an exploit/vulnerability.
Without the access log used, there is no way of seeing the IP/hostname of the requester to identify the source of this attack attempt.



No work has yet been logged on this issue.