Base64 would work. I would suggest the error log makes this explicit, so
whoever looks at it knows how to deal with it and diagnose accordingly.
*Manuel Dominguez Sarmiento*
On 15/04/2020 15:37, Christopher Schultz wrote:
Manuel,
On 4/13/20 15:13, Manuel Dominguez Sarmiento wrote:
Thanks Mark. Including the request line (encoded if necessary to
avoid issues with control characters) should definitely help.
Yeah, I was thinking that maybe base64-encoding the request line and
logging at DEBUG level would be best. I certainly don't want my log
file filled-up with script kiddies all the time.
-chris
On 13/04/2020 14:04, Mark Thomas wrote:
On 13/04/2020 17:25, Manuel Dominguez Sarmiento wrote:
Hi, we're reviewing our logs, and we are occasionally getting
the following stack traces:
09-Apr-2020 11:29:19.489 INFO [tomcat-http-81] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
 Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
    at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:488)
<snip/>
We understand this is a consequence of malformed requests, but
we cannot seem to pinpoint the cause. It seems these are
clients outside of our control (our servers are public-facing).
The AccessLogValve does not log these requests, so we cannot
figure out what the request line is. Is there any way logging
could be improved in order to find out what is causing this?
The stack trace indicates the problem is in the query string if
that helps.
Yes, I think we should be able to do something here. The tricky
part is that as soon as an invalid character is detected we have
to be a lot more careful as the payload could be malicious. I'm
not sure if we'll be able to get anything into the access log but
it should be possible to improve the error message and include
the problematic request line in some form. You probably won't see
the exact request line as we'll need to encode things like
control characters etc.
I'll look at this for the May round of releases.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
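Added example (not part of the thread and not Tomcat's code): one way to render an untrusted request target for an error log along the lines discussed above, escaping control and non-ASCII bytes and also emitting a labelled Base64 copy so the reader of the log knows how to decode it. The class name, the sample bytes and the simplified RFC 3986 character set are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/** Added illustration, not Tomcat code: render an untrusted request target safely for a log. */
public class RequestLineLogEncoder {

    // Characters RFC 3986 permits in a URI (unreserved, reserved, '%').
    // Simplified assumption; a real parser's table may be stricter.
    private static final String URI_CHARS =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
            + "-._~:/?#[]@!$&'()*+,;=%";

    /** Escape every byte outside printable ASCII, plus backslash, as \xNN so
     *  CR/LF or terminal escape sequences cannot forge or corrupt log lines. */
    static String escape(byte[] raw) {
        StringBuilder sb = new StringBuilder(raw.length);
        for (byte b : raw) {
            int c = b & 0xFF;
            if (c >= 0x20 && c < 0x7F && c != '\\') {
                sb.append((char) c);
            } else {
                sb.append(String.format("\\x%02X", c));
            }
        }
        return sb.toString();
    }

    /** Offset of the first byte that is not a URI character, or -1 if all are. */
    static int firstInvalid(byte[] target) {
        for (int i = 0; i < target.length; i++) {
            if (URI_CHARS.indexOf(target[i] & 0xFF) < 0) return i;
        }
        return -1;
    }

    public static void main(String[] args) {
        // Constructed sample target: non-ASCII bytes, '|' and a terminal escape sequence.
        byte[] target = "/search?q=caf\u00e9|x\u001b[31m".getBytes(StandardCharsets.UTF_8);
        System.out.println("Invalid character at byte offset " + firstInvalid(target)
                + " in request target; escaped=[" + escape(target)
                + "] base64=[" + Base64.getEncoder().encodeToString(target) + "]");
    }
}
```

The escaped form stays greppable for quick triage, while the Base64 field preserves the exact bytes for later diagnosis.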