APAR status
Closed as program error.
Error description
Broker wide http listener and embedded listener works based on HTTP/1.1 specification(https://tools.ietf.org/rfc/rfc7230.txt) which doesn't allow Special characters in query string. However, a user would like to have an option to relax the restricction and specify special characters like " < > [ \ ] ˆ ` { | }" in query string.
Local fix
Problem summary
**************************************************************** USERS AFFECTED: All Users of IBM Integration Bus 10.0.0.9 onwards hosting webservices and permitting http clients to invoke them with special characters in URL Platforms affected: z/OS, MultiPlatform **************************************************************** PROBLEM DESCRIPTION: From IBM Integration Bus 10.0.0.9 onwards, additional checks will be performed for valid characters to the HTTP request line. If an invalid character in the request line is not percent-encoded, then the request will be rejected with a http response "400 BAD REQUEST". The invalid characters which are not allowed for a request URL are < > [ \ ] ` { | } A user may want an option to lift this restriction and allow the characters as-is
Problem conclusion
A user is encouraged to percent-encode special characters in the request URL before invoking, as the special characters can cause a security breach in the product. For those who do not want to percent-encode characters in request URL, two new properties are introduced under HTTP(S)Connector resource of integration server and integration node HTTP listener parameters. <div>-n relaxedPathChars</div><div> </div><div> The HTTP/1.1 specification requires that certain characters are %nn encoded when used in URI paths. It the special characters are not encoded, the listener will reject the request with a http code '400 BAD <span style="background-color:rgb(255, 255, 255)">REQUEST</span>'. Set this property to allow those additional characters in URI paths. The value may be any combination of the following characters: " < > [ \ ] ^ ` { | } . Any other characters present in the value will be ignored.</div><div> </div><div>-n relaxedQueryChars</div><div> </div><div> The HTTP/1.1 specification requires that certain characters are %nn encoded when used in URI query strings. If the special characters in query string are not encoded, the listener will reject the request with a http code '400 BAD <span style="background-color:rgb(255, 255, 255)">REQUEST</span>'. Set this property to allow those additional characters in the query string. The value may be any combination of the following characters: " < > [ \ ] ^ ` { | } . Any other characters present in the value will be ignored.</div> Example of setting the property is To allow characters [ and < in URL path for integration server https(SSL) listener : mqsichangeproperties <Integration node> -e <Integration server> -o HTTPSConnector -n relaxedPathChars -v '[<' To allow characters {, | and } in query string for integration node http istener : mqsichangeproperties <Integration node> -b httplistener -o HTTPConnector -n <span style="background-color:rgb(255, 255, 255)">relaxedQueryChars </span>-v '{|}' --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v10.0 10.0.0.21 The latest available maintenance can be obtained from: http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041 If the maintenance level is not yet available,information on its planned availability can be found on: http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT28906
Reported component name
INTEGRATION BUS
Reported component ID
5724J0540
Reported release
A00
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-04-24
Closed date
2020-06-10
Last modified date
2020-06-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
INTEGRATION BUS
Fixed component ID
5724J0540
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSNQK6","label":"IBM Integration Bus"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.0","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
11 June 2020