tomcat config for special characters

Question

How to prevent request with special character such as [, <, or } (for example https://my.domain.com/[) lead to a tomcat 400 error page?

Answer

Source of the issue:

Starting tomcat 8.5, Tomcat follows the HTTP/1.1 specification making " < > [ \ ] ^ ` { | }  as invalid characters and returns error 400 when used in url path or querystring without being encoded.
This can be configured with the Connector configuration properties:  relaxedPathChars and relaxedQueryChars.

See tomcat Connector configuration documentation

How to fix it:

Tomcat config

Update Tomcat Connector configuration (located in conf/server.xml) relaxedPathChars and relaxedQueryChars to allow the wanted characters.

Proxy filtering

Invalidate/redirect the url using that contains non encoded characters.