I am using tomcat8.0.43 as my server.
When reviewing my logs, occasionally I see:
[...]INFO[...] org.apache.coyote.http11.AbstractHttp11Processor.process Error parsing HTTP request header
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level. java.lang.IllegalArgumentException: Invalid character found in the HTTP protocol
Or:
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
If I look at my access logs, I see that the urls that were requested to yield these exceptions were things like:
"GET /scripts/index.php?OPT_Session= null" 400
or:
"GET null null" 400
Was I correct in identifying the requests that caused the exceptions to be thrown?
Is there anything that I can do to stop these exceptions from being thrown or restrict these requests from being made?
A normal browser doesn't even allow a client to enter a url with a space in it. It appears these requests do have spaces in them though.
Thanks.
The requests are most probably attacks. If you are running an Internet-facing web server you have to live with them. It is fairly common to put a web server such as Apache in front of Tomcat, possibly configured with mod_security (https://modsecurity.org). In addition you could use fail2ban or a similar solution in order to ban IPs based on errors in the log. However, in my recent experience attackers tend to use a wide range of IP addresses, so fail2ban may not be very effective.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With