Summary

Doing certain actions on newer versions of Confluence which contains newer versions of tomcat, will results with 400 - Bad Request Invalid character found in the request target error message

Steps to replicate #1 - Subscribing to RSS feeds

1. On any space, go to Space Tools > Content Tools > RSS Feed
   • Alternatively, go to <base_URL>/spaces/listrssfeeds.action?key=<space_key>
2. Click on any links: Pages, Blog, Mail, Comments, Attachments, All Content
3. Expected Results: Prompts for RSS file

Steps to replicate #2 - Clicking the "Go to included page" option in Excerpt Include macro when page contains square bracket

1. Create page A which contains square brackets in the page title for example: "Page with [square] brackets"
2. Create page B.
3. Add Excerpt Include macro and point it to the page A
4. Save the Page B, Edit mode for page B
5. Click on Excerpt macro and then navigate to "Go to Included Page" button
6. Expected Results: Page A "Page with [square] brackets" will be opened

Actual Results

Following error is returned in the UI:

HTTP Status 400 – Bad Request
Type Exception Report

Message Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

Description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

Exception

java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:467)
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:294)
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:770)
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
java.lang.Thread.run(Thread.java:748)
Note The full stack trace of the root cause is available in the server logs.

Notes

The Apache Tomcat server, which is a web server used by Confluence, is filtering out requests that contain special characters. That’s because Tomcat is using a different encoding and URI standard than most browsers.

See also Apache Tomcat 8.5 http docs for more details:

relaxedPathChars:

The HTTP/1.1 specification requires that certain characters are %nn encoded when used in URI paths. Unfortunately, many user agents including all the major browsers are not compliant with this specification and use these characters in unencoded form. To prevent Tomcat rejecting such requests, this attribute may be used to specify the additional characters to allow. If not specified, no additional characters will be allowed. The value may be any combination of the following characters:

" < > [ \ ] ^ ` { | } 

. Any other characters present in the value will be ignored.

Workaround

Specify tomcat to allow the special characters. For the above issues, we only need to allow the comma "," character.

1. Go to <confluence_install>/conf, backup, and edit the server.xml file.
2. Find all connectors your application is using. Just search for Connector in the file, or look at the example below. You're interested only in connectors whose protocol is set to HTTP and HTTPS (not AJP).
3. Add relaxedQueryChars="[,]" to the connector properties in server.xml. For example:

           <Connector port="26156" connectionTimeout="20000" redirectPort="8443"
                      maxThreads="48" minSpareThreads="10"
                      enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
   				   relaxedQueryChars="[,]"
                      protocol="org.apache.coyote.http11.Http11NioProtocol"/>
   

   • If the above workaround does not work, try specifying the other characters by adding the following in server.xml instead:

     relaxedPathChars="[]|"
     relaxedQueryChars="[]|{}^\`"<>"
     

4. Restart Confluence