src/org/redkale/net/http/HttpRequest.java

@@ -121,7 +121,6 @@ public class HttpRequest extends Request<HttpContext> {
         } else {
             this.requestURI = array.toDecodeString(index, offset - index, charset).trim();
         }
-        if (this.requestURI.contains("../")) return -1;
         index = ++offset;
         this.protocol = array.toString(index, array.size() - index, charset).trim();
         while (readLine(buffer, array)) {

src/org/redkale/net/http/HttpResourceServlet.java

@@ -192,6 +192,11 @@ public class HttpResourceServlet extends HttpServlet {
     @Override
     public void execute(HttpRequest request, HttpResponse response) throws IOException {
         String uri = request.getRequestURI();
+        if (uri.contains("../")) {
+            if (finest) logger.log(Level.FINEST, "Not found resource (404) be " + uri + ", request = " + request);
+            response.finish404();
+            return;
+        }
         if (locationRewrites != null) {
             for (SimpleEntry<Pattern, String> entry : locationRewrites) {
                 Matcher matcher = entry.getKey().matcher(uri);