--- jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/buf/UDecoder.java.orig	2004-11-24 11:55:55.000000000 -0500
+++ jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/buf/UDecoder.java	2007-04-27 14:30:13.000000000 -0400
@@ -29,6 +29,9 @@
  */
 public final class UDecoder {
     
+    protected static final boolean ALLOW_ENCODED_SLASH = 
+        Boolean.valueOf(System.getProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH", "false")).booleanValue();
+    
     public UDecoder() 
     {
     }
@@ -62,6 +65,8 @@
 	// idx will be the smallest positive inxes ( first % or + )
 	if( idx2 >= 0 && idx2 < idx ) idx=idx2;
 	if( idx < 0 ) idx=idx2;
+    
+	boolean noSlash = !(ALLOW_ENCODED_SLASH || query);
 
 	for( int j=idx; j<end; j++, idx++ ) {
 	    if( buff[ j ] == '+' && query) {
@@ -80,6 +85,9 @@
 		
 		j+=2;
 		int res=x2c( b1, b2 );
+                if (noSlash && (res == '/')) {
+                    throw new CharConversionException( "noSlash");
+                }
 		buff[idx]=(byte)res;
 	    }
 	}
@@ -121,7 +129,8 @@
 	
 	if( idx2 >= 0 && idx2 < idx ) idx=idx2; 
 	if( idx < 0 ) idx=idx2;
-
+    
+	boolean noSlash = !(ALLOW_ENCODED_SLASH || query);
 	for( int j=idx; j<cend; j++, idx++ ) {
 	    if( buff[ j ] == '+' && query ) {
 		buff[idx]=( ' ' );
@@ -140,6 +149,9 @@
 		
 		j+=2;
 		int res=x2c( b1, b2 );
+		if (noSlash && (res == '/')) {
+		    throw new CharConversionException( "noSlash");
+            	}
 		buff[idx]=(char)res;
 	    }
 	}
--- jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteAdapter.java.orig	2004-11-24 11:55:18.000000000 -0500
+++ jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5/CoyoteAdapter.java	2007-04-27 14:30:13.000000000 -0400
@@ -54,6 +54,8 @@
  {
     private static Log log = LogFactory.getLog(CoyoteAdapter.class);
 
+    protected static final boolean ALLOW_BACKSLASH = 
+        Boolean.valueOf(System.getProperty("org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH", "false")).booleanValue();
     // -------------------------------------------------------------- Constants
 
 
@@ -232,8 +234,8 @@
                 req.getURLDecoder().convert(decodedURI, false);
             } catch (IOException ioe) {
                 res.setStatus(400);
-                res.setMessage("Invalid URI");
-                throw ioe;
+                res.setMessage("Invalid URI: " + ioe.getMessage());
+                return false;
             }
             // Normalization
             if (!normalize(req.decodedURI())) {
@@ -473,8 +475,13 @@
         // Replace '\' with '/'
         // Check for null byte
         for (pos = start; pos < end; pos++) {
-            if (b[pos] == (byte) '\\')
-                b[pos] = (byte) '/';
+            if (b[pos] == (byte) '\\') {
+                if (ALLOW_BACKSLASH) {
+                    b[pos] = (byte) '/';
+                } else {
+                    return false;
+                }
+            }
             if (b[pos] == (byte) 0)
                 return false;
         }