Class InvalidRequestFilter

  • All Implemented Interfaces:
    Filter, Nameable, PathConfigProcessor

    public class InvalidRequestFilter
    extends AccessControlFilter
    A request filter that blocks malicious requests. Invalid request will respond with a 400 response code.

    This filter checks and blocks the request if the following characters are found in the request URI:

    • Semicolon - can be disabled by setting blockSemicolon = false
    • Backslash - can be disabled by setting blockBackslash = false
    • Non-ASCII characters - can be disabled by setting blockNonAscii = false, the ability to disable this check will be removed in future version.
    See Also:
    This class was inspired by Spring Security StrictHttpFirewall