Spring Boot 2.6.x
May 11 14:08:41 ubuntu java[1831]: 2022-05-11 14:08:41.239 INFO 1831 --- [nio-2023-exec-7] o.apache.coyote.http11.Http11Processor : Error parsing HTTP request header
May 11 14:08:41 ubuntu java[1831]: Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
May 11 14:08:41 ubuntu java[1831]: java.lang.IllegalArgumentException: Invalid character found in method name [0xff0x0a0x00D0x000x080xc10xff...]. HTTP method names must be tokens
May 11 14:08:41 ubuntu java[1831]: at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:419)
May 11 14:08:41 ubuntu java[1831]: at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:271)
May 11 14:08:41 ubuntu java[1831]: at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
May 11 14:08:41 ubuntu java[1831]: at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890)
May 11 14:08:41 ubuntu java[1831]: at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743)
May 11 14:08:41 ubuntu java[1831]: at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
May 11 14:08:41 ubuntu java[1831]: at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
May 11 14:08:41 ubuntu java[1831]: at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
May 11 14:08:41 ubuntu java[1831]: at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
May 11 14:08:41 ubuntu java[1831]: at java.base/java.lang.Thread.run(Thread.java:833)
May 11 14:39:04 ubuntu java[1831]: 2022-05-11 14:39:04.939 INFO 1831 --- [nio-2023-exec-3] o.apache.coyote.http11.Http11Processor : Error parsing HTTP request header
May 11 14:39:04 ubuntu java[1831]: Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
May 11 14:39:04 ubuntu java[1831]: java.lang.IllegalArgumentException: Invalid character found in the HTTP protocol [RTSP/1.00x0d0x0a0x0d0x0a...]
May 11 14:39:04 ubuntu java[1831]: at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:570)
May 11 14:39:04 ubuntu java[1831]: at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:271)
May 11 14:39:04 ubuntu java[1831]: at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
May 11 14:39:04 ubuntu java[1831]: at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890)
May 11 14:39:04 ubuntu java[1831]: at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743)
May 11 14:39:04 ubuntu java[1831]: at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
May 11 14:39:04 ubuntu java[1831]: at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
May 11 14:39:04 ubuntu java[1831]: at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
May 11 14:39:04 ubuntu java[1831]: at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
May 11 14:39:04 ubuntu java[1831]: at java.base/java.lang.Thread.run(Thread.java:833)
Note the abnormal parts:
method name [0xff0x0a0x00D0x000x080xc10xff...]
,
HTTP protocol [RTSP/1.00x0d0x0a0x0d0x0a...]
These must be randomly incoming attacking requests.
Is there any way to prevent these exception logs?
CodePudding user response:
Is this a service that restarts quite often? Like, you get a request that starts-up Tomcat, then shuts-down, only to restart for another request after that?
Tomcat will only log the message you see above once per run at the INFO
level, and those after that will be logged at the DEBUG
level (just like the message says):
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
So it won't log every error... just the first error for each time the HttpProcessor is re-initialized.
If these log messages become a nuisance, you have a few options:
- Investigate why you are getting broken requests like this and try to minimize them (fix a broken client? use a firewall?)
- Keep Tomcat running for longer; you will get fewer errors on your log
- Set the log level for the org.apache.coyote.http11.Http11Processor logger to
ERROR