You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Sean Dawson <se...@gmail.com> on 2019/02/07 19:01:30 UTC
Invalid character found in method name. HTTP method names must be tokens
Hello, we're using Tomcat 8.5_35 on Linux (CentOS7) and Windows (2016
Server and above) and here and there we see this in the logs...
org.apache.coyote.http11.AbstractHttp11Processor.process Error parsing HTTP
request header
Note: further occurrences of HTTP header parsing errors will be logged at
DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method
name. HTTP method names must be tokens
at
org.apache.coyote.http11.AbstractNioInputBuffer.parseRequestLine(AbstractNioInputBuffer.java:232)
I can provide the full stack trace if needed. But we've determined it
arises due to requests like this (from the access logs)...
"-" 400 -
I don't know how that happens. Maybe hacking attempt?
If I use Google, all I can find for the exception is that someone is
attempting to use https instead of http (their server is configured for the
latter only). We're using https on our server.
It's very difficult to search for the request line above.
What is this from? Or at least, is there a way to stop the exception stack
from showing up in the logs? Thanks.
Re: Invalid character found in method name. HTTP method names must be tokens
Posted by Sean Dawson <se...@gmail.com>.
On Thu, Feb 7, 2019 at 6:57 PM Christopher Schultz <
chris@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Sean,
>
> On 2/7/19 14:01, Sean Dawson wrote:
> > Hello, we're using Tomcat 8.5_35 on Linux (CentOS7) and Windows
> > (2016 Server and above) and here and there we see this in the
> > logs...
> >
> > org.apache.coyote.http11.AbstractHttp11Processor.process Error
> > parsing HTTP request header Note: further occurrences of HTTP
> > header parsing errors will be logged at DEBUG level.
> > java.lang.IllegalArgumentException: Invalid character found in
> > method name. HTTP method names must be tokens at
> > org.apache.coyote.http11.AbstractNioInputBuffer.parseRequestLine(Abstr
> actNioInputBuffer.java:232)
> >
> > I can provide the full stack trace if needed. But we've determined
> > it arises due to requests like this (from the access logs)...
> >
> > "-" 400 -
> >
> > I don't know how that happens. Maybe hacking attempt?
>
> What is the source IP? Many monitoring systems and load-balancers use
> weird requests like that, so it might not be an attack.
>
>
I think it was North or South Korea, or China. It was not from somewhere we
have customers.
Thanks to you and Mark for your replies.
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxcxe0ACgkQHPApP6U8
> pFjc3xAAvh/9tv/0CiK42iM+/zq6Nwg2+OZiGKBr5YFC9kj77DlmTz2OZOXKDC8j
> oSnhqEp7F1PTQ8vAtUJqCcTkrA/8Ul37mn4oOw8zmSowkQcofhDiMIzo0DwTXGmQ
> uJHwKfrwNcb480bF3PhQAydzLN+BsSbmJVMl2YKbpJ9VALj1pG3uqQ9r3/C7hM5a
> 6oJkqOLT/9EM8HW5Nu5InlMz6R+j0sNTZEAQhwYBY3S+tNHatQi5j7BXZbKu9J05
> M3UIe49nTYa45FjdybFPRJ5dy9JK4UZPwZGXCgqu4zrKX3XhgIS8LM0EZgN8M92E
> IUuIW9ZdbaSB2I4BJUSQu8mrBJYpJJJnM8Ku4oFuh0/YxITniTdykBr+SblAIV4t
> fb9aCvWysw/A/LKLvt/8I0Xgxqn1Vxw86iFXIDD4k/Q6hgB8nZPdCzAIt4fvUiwP
> zVdv2FzBI1YPpjXF77GMPNamEa711UxsjxlYRkErULwUkhopd+khM0/3QYhgIONw
> xCEeAiBQ85h3XnkgQqz/unecAkTi7s7yi09DBHCk52I4LW7/ZlT0jtjelVA/seCa
> +Tk2r5xvxhrOJn4wiyTCnLxV0YEucQzZVNErH0NB9Kl2UstaM/bsDNGEJT7HR+QK
> egD2Zm89nrwzX+EVS++T7SxX6r1EjZV32Qn5t3jpr2d/djmHGEM=
> =jeRq
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Invalid character found in method name. HTTP method names must be
tokens
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Sean,
On 2/7/19 14:01, Sean Dawson wrote:
> Hello, we're using Tomcat 8.5_35 on Linux (CentOS7) and Windows
> (2016 Server and above) and here and there we see this in the
> logs...
>
> org.apache.coyote.http11.AbstractHttp11Processor.process Error
> parsing HTTP request header Note: further occurrences of HTTP
> header parsing errors will be logged at DEBUG level.
> java.lang.IllegalArgumentException: Invalid character found in
> method name. HTTP method names must be tokens at
> org.apache.coyote.http11.AbstractNioInputBuffer.parseRequestLine(Abstr
actNioInputBuffer.java:232)
>
> I can provide the full stack trace if needed. But we've determined
> it arises due to requests like this (from the access logs)...
>
> "-" 400 -
>
> I don't know how that happens. Maybe hacking attempt?
What is the source IP? Many monitoring systems and load-balancers use
weird requests like that, so it might not be an attack.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxcxe0ACgkQHPApP6U8
pFjc3xAAvh/9tv/0CiK42iM+/zq6Nwg2+OZiGKBr5YFC9kj77DlmTz2OZOXKDC8j
oSnhqEp7F1PTQ8vAtUJqCcTkrA/8Ul37mn4oOw8zmSowkQcofhDiMIzo0DwTXGmQ
uJHwKfrwNcb480bF3PhQAydzLN+BsSbmJVMl2YKbpJ9VALj1pG3uqQ9r3/C7hM5a
6oJkqOLT/9EM8HW5Nu5InlMz6R+j0sNTZEAQhwYBY3S+tNHatQi5j7BXZbKu9J05
M3UIe49nTYa45FjdybFPRJ5dy9JK4UZPwZGXCgqu4zrKX3XhgIS8LM0EZgN8M92E
IUuIW9ZdbaSB2I4BJUSQu8mrBJYpJJJnM8Ku4oFuh0/YxITniTdykBr+SblAIV4t
fb9aCvWysw/A/LKLvt/8I0Xgxqn1Vxw86iFXIDD4k/Q6hgB8nZPdCzAIt4fvUiwP
zVdv2FzBI1YPpjXF77GMPNamEa711UxsjxlYRkErULwUkhopd+khM0/3QYhgIONw
xCEeAiBQ85h3XnkgQqz/unecAkTi7s7yi09DBHCk52I4LW7/ZlT0jtjelVA/seCa
+Tk2r5xvxhrOJn4wiyTCnLxV0YEucQzZVNErH0NB9Kl2UstaM/bsDNGEJT7HR+QK
egD2Zm89nrwzX+EVS++T7SxX6r1EjZV32Qn5t3jpr2d/djmHGEM=
=jeRq
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Invalid character found in method name. HTTP method names must be
tokens
Posted by Mark Thomas <ma...@apache.org>.
On 07/02/2019 19:01, Sean Dawson wrote:
> Hello, we're using Tomcat 8.5_35 on Linux (CentOS7) and Windows (2016
> Server and above) and here and there we see this in the logs...
>
> org.apache.coyote.http11.AbstractHttp11Processor.process Error parsing HTTP
> request header
> Note: further occurrences of HTTP header parsing errors will be logged at
> DEBUG level.
> java.lang.IllegalArgumentException: Invalid character found in method
> name. HTTP method names must be tokens
> at
> org.apache.coyote.http11.AbstractNioInputBuffer.parseRequestLine(AbstractNioInputBuffer.java:232)
>
> I can provide the full stack trace if needed. But we've determined it
> arises due to requests like this (from the access logs)...
>
> "-" 400 -
>
> I don't know how that happens. Maybe hacking attempt?
>
> If I use Google, all I can find for the exception is that someone is
> attempting to use https instead of http (their server is configured for the
> latter only). We're using https on our server.
>
> It's very difficult to search for the request line above.
>
> What is this from?
Like the message says, someone submitted a request with an invalid HTTP
method. Something like:
AAA:XXX /index.html HTTP/1.1
Host: your.server.com
etc.
> Or at least, is there a way to stop the exception stack
> from showing up in the logs? Thanks.
-Dorg.apache.juli.logging.UserDataHelper.CONFIG=DEBUG_ALL
moves all messages to debug level.
NONE stops them completely.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org