Manuel,

On 4/13/20 15:13, Manuel Dominguez Sarmiento wrote:
> Thanks Mark. Including the request line (encoded if necessary to
> avoid issues with control characters) should definitely help.

Yeah, I was thinking that maybe base64-encoding the request line and
logging at DEBUG level would be best. I certainly don't want my log
file filled-up with script kiddies all the time.

-chris


> On 13/04/2020 14:04, Mark Thomas wrote:
>> On 13/04/2020 17:25, Manuel Dominguez Sarmiento wrote:
>>> Hi, we're reviewing our logs, and we are occasionally getting
>>> the following stack traces:
>>>
>>> 09-Apr-2020 11:29:19.489 INFO [tomcat-http-81]
>>> org.apache.coyote.http11.Http11Processor.service Error parsing
>>> HTTP request header Note: further occurrences of HTTP request
>>> parsing errors will be logged at DEBUG level.
>>> java.lang.IllegalArgumentException: Invalid character found in
>>> the request target. The valid characters are defined in RFC
>>> 7230 and RFC 3986 at
>>> org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:488)
>>>
>>
>>>
<snip/>
>>
>>> We understand this is a consequence of malformed requests, but
>>> we cannot seem to pinpoint the cause. It seems these are
>>> clients outside of our control (our servers are public-facing).
>>> The AccessLogValve does not log these requests, so we cannot
>>> figure out what the request line is. Is there any way logging
>>> could be improved in order to find out what is causing this?
>> The stack trace indicates the problem is in the query string if
>> that helps.
>>
>> Yes, I think we should be able to do something here. The tricky
>> part is that as soon as an invalid character is detected we have
>> to be a lot more careful as the payload could be malicious. I'm
>> not sure if we'll be able to get anything into the access log but
>> it should be possible to improve the error message and include
>> the problematic request line in some form. You probably won't see
>> the exact request line as we'll need to encode things like
>> control characters etc.
>>
>> I'll look at this for the May round of releases.
>>
>> Mark
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
>
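One way to make a rejected request line safe to write to a log, in the two forms discussed in this thread (encoding control characters, or base64-encoding the raw bytes). This is an added example, not Tomcat's code and not something posted by the participants; the class name `RequestLineLogEncoder`, its method names and the 512-byte cap are assumptions, and the sample request line is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

/** Hypothetical helper (not part of Tomcat): renders an untrusted request line for a log message. */
public final class RequestLineLogEncoder {

    // Assumed cap so that one oversized request cannot flood the log.
    private static final int MAX_BYTES = 512;

    /** Printable ASCII passes through; every other byte, and the backslash itself, becomes \xNN. */
    public static String escape(byte[] raw) {
        int n = Math.min(raw.length, MAX_BYTES);
        StringBuilder sb = new StringBuilder(n + 16);
        for (int i = 0; i < n; i++) {
            int b = raw[i] & 0xFF;
            if (b >= 0x20 && b < 0x7F && b != '\\') {
                sb.append((char) b);
            } else {
                // CR, LF, ESC, NUL and bytes >= 0x7F are written as visible text, so they
                // cannot start a new log record or act as terminal control sequences.
                sb.append(String.format("\\x%02X", b));
            }
        }
        if (raw.length > n) {
            sb.append("...[").append(raw.length - n).append(" more bytes]");
        }
        return sb.toString();
    }

    /** Alternative: base64 of the (capped) raw bytes; its alphabet has no control characters. */
    public static String base64(byte[] raw) {
        int n = Math.min(raw.length, MAX_BYTES);
        return Base64.getEncoder().encodeToString(Arrays.copyOf(raw, n));
    }

    public static void main(String[] args) {
        // Constructed sample: a query string carrying a CRLF followed by a forged log record.
        byte[] line = "GET /search?q=a|b\r\n09-Apr-2020 INFO forged entry HTTP/1.1"
                .getBytes(StandardCharsets.ISO_8859_1);
        System.out.println("escaped: " + escape(line));
        System.out.println("base64 : " + base64(line));
    }
}
```

The escaped form stays readable in place and keeps the whole record on one line; the base64 form preserves the exact bytes (up to the cap) but has to be decoded before anyone can read it.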