SPS 12.52 SP1 returningHTTP 400 Bad Request error message Whenever a URL that has %2F which is the hex code for / is submitted to it.
Example of URL
GET http://_host.example.com/test/transpolar/PageSets('%2FUI2%2FFiori2LaunchpadHome')?$expand=Pages/PageChipInstances/Chip/ChipBags/ChipProperties HTTP/1.1
Both Apache and Tomcat intentionally reject URIs with an encoded slash (%2F for / and %5C for \) to prevent possible security vulnerabilities such as CVE-2007-0450 and CVE-2007-0450 related attacks.
To Instruct Apache / Tomcat within SPS to process the URI ,please follow the below Steps
**** Step 1 --> Apache
Please modify httpd.conf file found under \CA\secure-proxy\httpd\conf and include the below
1) AllowEncodedSlashes NoDecode
2) JkOptions +ForwardURICompatUnparsed
The AllowEncodedSlashes directive allows URLs which contain encoded path separators (%2F for / and additionally %5C for \ on accordant systems) to be used in the path info.
a) With the default value, Off, such URLs are refused with a 404 (Not found) error.
b) With the value On, such URLs are accepted, and encoded slashes are decoded like all other encoded characters.
c) With the value NoDecode, such URLs are accepted, but encoded slashes are not decoded but left in their encoded state.
Setting the JKOptions to ForwardURICompatUnparsed: forwarded URI will be unparsed.
**** Step 2 --> Tomcat
To Instruct Tomcat to allow the encoded slash ,please Edit the \CA\secure-proxy\proxy-engine\conf\SmSpsProxyEngine.properties and add the below to the JAVA_OPTIONS
Add the below to your NETE_SPS_PROXYENGINE_CMD
1) -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
2) -Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true
Example
NETE_SPS_PROXYENGINE_CMD="%NETE_SPS_JAVA_HOME%\bin\java.exe" -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true -Dfile.encoding=UTF-8 -Djavax.net.debug=all -Xms512m -Xmx1024m -XX:MaxPermSize=256M -Dcatalina.base="%NETE_SPS_TOMCAT_HOME%" -Dcatalina.home="%NETE_SPS_TOMCAT_HOME%" -Djava.endorsed.dirs="%NETE_SPS_TOMCAT_HOME%\endorsed" -Djava.io.tmpdir="%NETE_SPS_TOMCAT_HOME%\temp" -DHTTPClient.log.mask=0 -DHTTPClient.Modules="HTTPClient.RetryModule|org.tigris.noodle.NoodleCookieModule|HTTPClient.DefaultModule" -Dlogger.properties="%NETE_SPS_TOMCAT_HOME%/properties/logger.properties" -DSM_AGENT_LOG_CONFIG="%STS_AGENT_LOG_CONFIG_FILE%" -classpath "%NETE_SPS_TOMCAT_HOME%\bin\proxybootstrap.jar;%NETE_SPS_TOMCAT_HOME%\properties;%NETE_SPS_JAVA_HOME%\lib\tools.jar;%NETE_SPS_TOMCAT_HOME%\bin\bootstrap.jar;%NETE_SPS_ROOT%\resources;%NETE_SPS_ROOT%\agentframework\java\cryptoj.jar" com.netegrity.proxy.ProxyBootstrap -config "%NETE_SPS_ROOT%/proxy-engine/conf/server.conf"
**** Step 3 --> Restart your SPS services for the changes to be applied