org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String “”/**””
The error message indicates that the request was rejected by the Spring Security firewall because the URL contained a potentially malicious string, in this case "//" or "/***/".
The check is performed by StrictHttpFirewall, the HttpFirewall implementation Spring Security uses by default to validate every incoming request before it reaches the security filter chain. With its default settings it rejects any URL containing "//" (URL-encoded or not). This behavior is intended to protect the application from attacks that rely on ambiguous path handling, such as path traversal or injection attacks.
Let’s consider an example to illustrate this error. Suppose you have a web application where users can view profile pages. The profile page URLs are structured like this: http://myWebApp.com/profile/{username}.
Now, imagine a malicious user tries to manipulate the URL by appending "//" to it like this: http://myWebApp.com/profile//{username}. When StrictHttpFirewall encounters the manipulated URL with "//", it raises a RequestRejectedException because it considers this pattern suspicious and possibly indicative of an attempted attack.
To resolve this issue, review the request that triggered the error and make sure it does not contain any of the rejected strings. If double slashes are legitimate in your application's URLs, you might need to adjust the configuration of StrictHttpFirewall to allow them.
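The following Java configuration is an added example, not code from the original post. It assumes Spring Security 5.4 or later, where a bean of type HttpFirewall and a bean of type RequestRejectedHandler are picked up automatically; on Spring Security 6 the servlet imports become jakarta.servlet instead of javax.servlet. It relaxes only the double-slash rule described above and turns the rejection into a logged HTTP 400 so that blocked requests are visible to operations instead of surfacing as a stack trace.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler;
import org.springframework.security.web.firewall.RequestRejectedException;
import org.springframework.security.web.firewall.RequestRejectedHandler;
import org.springframework.security.web.firewall.StrictHttpFirewall;

@Configuration
public class FirewallConfig {

    private static final Logger log = LoggerFactory.getLogger(FirewallConfig.class);

    @Bean
    public HttpFirewall httpFirewall() {
        // Start from the strict defaults and relax exactly one rule.
        StrictHttpFirewall firewall = new StrictHttpFirewall();
        // Default is false: "//" and "%2F%2F" in the path are rejected.
        // Only enable this if URLs such as /profile//{username} are genuinely
        // part of your application; normalizing the URL on the client is safer.
        firewall.setAllowUrlEncodedDoubleSlash(true);
        return firewall;
    }

    @Bean
    public RequestRejectedHandler requestRejectedHandler() {
        // HttpStatusRequestRejectedHandler answers with 400 Bad Request by default.
        RequestRejectedHandler delegate = new HttpStatusRequestRejectedHandler();
        return new RequestRejectedHandler() {
            @Override
            public void handle(HttpServletRequest request, HttpServletResponse response,
                               RequestRejectedException ex) throws IOException, ServletException {
                // Log method, URI and client address so rejected requests can be
                // correlated in the SIEM; the exception message names the rule hit.
                log.warn("StrictHttpFirewall rejected {} {} from {}: {}",
                        request.getMethod(), request.getRequestURI(),
                        request.getRemoteAddr(), ex.getMessage());
                delegate.handle(request, response, ex);
            }
        };
    }
}
```

If your project still extends WebSecurityConfigurerAdapter, the same firewall can instead be registered explicitly with web.httpFirewall(firewall) in configure(WebSecurity web).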