Symptom
Inbound HTTP/SOAP/OData/AS2/AS4 call to Cloud Integration fails with HTTP 500 internal server error.
Example HTML response for SOAP call:
<head><title>HTTP Status 500 – Internal Server Error</title></head>
If a SOAP endpoint is called from another integration flow, the caller gets an error message with content:
org.apache.cxf.interceptor.Fault - Response was of unexpected text/html ContentType
Note that the actual error messages may differ if other HTTP-based adapters are involved.
Sometimes there is a Message Processing Log and you see one of the following error texts:
-
The request was rejected because the header value “…" is not allowed.
-
The request was rejected because the header value "/C=DE /ST=ÃŽle-de-France/CN=some_value” is not allowed.
This behavior is observed only in the following cases:
- You run Cloud Integration in the Cloud Foundry environment.
- You use Cloud Integration releases with version 2108 and higher (for older releases, the same call works without problems).
- The client sends an HTTP header that includes CR LF (carriage return and line feed) or other illegal header characters, or the client uses mTLS with a client certificate that contains non-ASCII characters in the subject DN name.
For Kibana logs of the worker node the following applies:
- Logs contain the matching HTTP request (type=request, layer=[CF.RTR]) with status code 500.
- Near the request there's a log (note that parts can differ). The stacktrace contains one of the following strings:
- org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the header value “…" is not allowed.
- org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the header value "/C=DE /ST=ÃŽle-de-France/CN=some_value” is not allowed.
The first stack trace appears if the HTTP request contains an HTTP header with CRLF or an HTTP header with a non-ASCII character; the second stack trace appears if mTLS is used with a client certificate that contains non-ASCII characters in the subject DN name.
Read more...
Environment
SAP BTP Cloud Foundry environment
Product
Keywords
SAP Cloud Integration, HTTP header, invalid character , KBA , LOD-HCI-PI-RT , Integration Runtime , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.