Strange error in log file


Strange error in log file

Victor Norman
All,

I occasionally see this in my catalina log file:

17-Jun-2020 06:29:57.499 INFO [http-nio-8080-exec-2] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
 Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
        java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
                at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:416)
                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:260)
                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
                at java.lang.Thread.run(Thread.java:748)

We are set up to use header authentication -- so at https://agora2004.cs.calvin.edu we have an nginx server running as a proxy. It adds the correct header to the http request and forwards to agora2004.cs.calvin.edu:8080 where tomcat9 is listening.

Is it possible that this error is just from some bot trying to connect to 8080 directly? Or is this indicative of some other problem?

BTW, I'm also having routing problems on my installation -- so I cannot go to a subpage right now. I'm wondering if this error is part of that problem.

thanks.

Vic


Prof. Victor Norman
Computer Science
Calvin College University
-----
"A designer knows he has achieved perfection not when there is nothing left to add, but when there is nothing left to take away." -- Antoine de Saint Exupéry



Re: Strange error in log file

vnick
On Wed, Jun 17, 2020 at 8:25 AM Victor Norman <[hidden email]> wrote:
> All,
>
> I occasionally see this in my catalina log file:
>
> 17-Jun-2020 06:29:57.499 INFO [http-nio-8080-exec-2] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
>  Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
>         java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
>                 at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:416)
>                 at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:260)
>                 at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
>                 at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
>                 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
>                 at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>                 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>                 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>                 at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>                 at java.lang.Thread.run(Thread.java:748)
>
> We are set up to use header authentication -- so at https://agora2004.cs.calvin.edu we have an nginx server running as a proxy. It adds the correct header to the http request and forwards to agora2004.cs.calvin.edu:8080 where tomcat9 is listening.
>
> Is it possible that this error is just from some bot trying to connect to 8080 directly?  Or is this indicative of some other problem.


Yes, quite possibly.  Generally if you're proxying your Guacamole install behind an Nginx server you want to block direct traffic to the Tomcat server, particularly if Nginx is responsible for authenticating users.  Otherwise you run the risk of someone being able to guess at the headers you're using to authenticate and passing themselves off as anyone (like guacadmin).

-Nick
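
One way to check for the exposure described in the reply, as an added example that is not part of the original thread or of the Guacamole or Tomcat projects: a small audit that reads a Tomcat `server.xml` and reports every `Connector` that is not bound to a loopback address. It assumes nginx and Tomcat run on the same host, as in the post; the two XML fragments and the function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed server.xml fragments (not the poster's configuration).
# EXPOSED: no address attribute, so port 8080 answers on every interface.
EXPOSED = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
</Service></Server>"""

# HARDENED: only a proxy on the same host can reach Tomcat.
HARDENED = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
             address="127.0.0.1"/>
</Service></Server>"""


def is_loopback(address):
    """True only for a literal loopback IP or the name 'localhost'."""
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # some other hostname: treat it as reachable


def exposed_connectors(server_xml):
    """Return (port, address) for each Connector not bound to loopback.

    An HTTP Connector with no address attribute listens on every
    interface, so a missing attribute is reported as '*'.
    """
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        address = conn.get("address")
        if address is None or not is_loopback(address):
            findings.append((conn.get("port"), address or "*"))
    return findings


if __name__ == "__main__":
    for label, xml_text in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(label, exposed_connectors(xml_text))
```

If the proxy runs on a different host, a loopback bind does not apply; restrict port 8080 to the proxy's address with a host firewall rule instead.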