Awesome! Thanks Mark! Dream * Excel * Explore * Inspire Jon McAlexander Senior Infrastructure Engineer Asst. Vice President He/His
Middleware Product Engineering Enterprise CIO | EAS | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 MAC: F4469-010 Tel 515-988-2508 | Cell 515-988-2508 jonmcalexan...@wellsfargo.com This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. > -----Original Message----- > From: Mark Thomas <ma...@apache.org> > Sent: Saturday, June 3, 2023 8:33 AM > To: users@tomcat.apache.org > Subject: Re: SOAP HTTP error: "HTTP/1.1 400 Bad Request" after upgrade to > 8.5.89. > > On 02/06/2023 21:00, jonmcalexan...@wellsfargo.com.INVALID wrote: > > Good afternoon, > > > > Have a team that just upgraded to 8.5.89 from 8.5.72 and started getting > these messages in the logs: > > > > [2023/06/01][01:05:10.012] : [INIT] - EPMSend (init) - EPMSend = SOAP > > [2023/06/01][01:05:10.012] : [INIT] - EPMSend (init) - SOAPPort = 8443 > > [2023/06/01][01:05:10.012] : [INIT] - EPMSend (init) - SOAPPath = > > [2023/06/01][01:05:10.012] : [INIT] - EPMSend (init) - SOAPURL = > > <Tomcat Instance URL> ... > > [2023/06/01][17:31:01.157] : [EPMSEND] - EPMSend - Established Socket > > to send EPM messages [2023/06/01][17:31:01.227] : [EPMSEND] - EPMSend > > - Error not 200 OK. HTTP error: "HTTP/1.1 400 Bad Request" See reply > > txt message in XMLPathOut directory for > > g:\vdata\epmxml/001-HOU-02-20230530-0001-I-X-200-UPDATEUOW- > 20230601080 > > 446029.xml [2023/06/01][17:31:01.380] : [INIT] - EPMSend (init) - > > EPMSend = SOAP > > > > Is anyone aware of what could potentially be the cause? > > Generally, Tomcat gets stricter enforcing the HTTP specification > requirements over time. This is for a combination of reasons: > - bugs get reported that invalid requests are not rejected > - the HTTP specs are getting stricter over time > - security issues get identified with handling of invalid requests > > If you look in the Coyote section of the change log, you should find all of > the > changes to HTTP request validation listed. A quick scan for > 8.5.72 to 8.5.89 found: > - stricter validation of line termination > - reject requests with malformed content-length headers > - allowHostHeaderMismatch now defaults to false > - rejectIllegalHeader now defaults to true > > I suspect it will be one of the last two. > > If you set the system property > org.apache.juli.logging.UserDataHelper.CONFIG to INFO_ALL you'll get an > INFO level log message for every request that is rejected. > > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org
