tomcat升级后出现因http请求特殊符号问题的400错误

最近在扫描项目漏洞时，出现扫描出Application error message问题，百度搜索解决方案是修改web.xml的error-page，但由于错误直接由tomcat拦截处理，这种方式解决不了此问题，后发现是由于tomcat升级后tomcat对http请求特殊符号进行了更严格的控制，如果不符合则报400错误，页面可能会泄露后台信息，因此需要自定义信息

解决此问题需要重写ErrorReportValve这个类的report方法如下

package error;

import java.io.BufferedWriter;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.util.logging.Logger;

import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ErrorReportValve;

public class CustomErrorReportValve extends ErrorReportValve {
  //Create a simple logger
  Logger log = Logger.getLogger(CustomErrorReportValve.class.getName());

  @Override
  protected void report(Request request, Response response, Throwable t) {
      try {
          // Write a more friendly, less technical message to the user
          BufferedWriter out = new BufferedWriter(new OutputStreamWriter(response.getOutputStream()));
          out.write("");
          out.write("
Oops
");
          out.write("
Well, that didn't go as we had expected.
");
          out.write("
Don't worry though, we're working on it.
");
          out.write("");
          out.close();

          // Log the error with your favorite logging framework...
          log.severe("Uncaught throwable was thrown: " + t.getMessage());
      } catch (IOException e) {
          e.printStackTrace();
      }
  }
}

然后修改tomcat的server.xml的以下配置：

 然后重启tomcat就ok了