I occasionally see this in my catalina log file:
17-Jun-2020 06:29:57.499 INFO [http-nio-8080-exec-2] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)at java.lang.Thread.run(Thread.java:748)
We are set up to use header authentication -- so at https://agora2004.cs.calvin.edu we have an nginx server running as a proxy. It adds the correct header to the http request and forwards to agora2004.cs.calvin.edu:8080 where tomcat9 is listening.
Is it possible that this error is just from some bot trying to connect to 8080 directly? Or is this indicative of some other problem.
BTW, I'm also having routing problems on my installation -- so I cannot go to a subpage right now. I'm wondering if this error is part of that problem.
Prof. Victor Norman
"A designer knows he has achieved perfection not when there is nothing left to add, but when there is nothing left to take away." -- Antoine de Saint Exupéry
On Wed, Jun 17, 2020 at 8:25 AM Victor Norman <[hidden email]> wrote:
Yes, quite possibly. Generally if you're proxying your Guacamole install behind an Nginx server you want to block direct traffic to the Tomcat server, particularly if Nginx is responsible for authenticating users. Otherwise you run the risk of someone being able to guess at the headers you're using to authenticate and passing themselves off as anyone (like guacadmin).
|Free forum by Nabble||Edit this page|