碼上快樂

相關內容    簡體    繁體

Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level

本文轉載自   查看原文   2021-12-15 18:46   6543    服務器

雲服務器很久沒管過了,今天去看了下雲服務器日志,不看不知道,一看嚇一跳。

日志里竟然是一排的報錯,再翻下此前的日志,每天都報一個錯誤:

    [http-nio-80-exec-10] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
 Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
    java.lang.IllegalArgumentException: Request header is too large
        at org.apache.coyote.http11.Http11InputBuffer.fill(Http11InputBuffer.java:790)
        at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:454)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:269)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1723)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)

 

隨后我去查了一下,網友的說法大致為以下3種:

百度經驗(2021-12-15)

1、Tomcat 的 header 緩沖區不夠

需要在server.xml(tomcat根目錄下的conf目錄)中增加  maxHttpHeaderSize,單位為KB

<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               maxHttpHeaderSize="8192"/>

 

2、Url頭用的是 https

將 https 改成 http 即可(未實驗)

 

3、Url傳參時攜帶了特殊符號

json傳輸的時候包含了{},這就是原因所在、

因為tomcat7某個版本之后,增加了一個新特性,就是嚴格按照RFC3986規范進行訪問解析

而RFC3986規范定義了Url中,只允許包含: 英文字母(a-zA-Z)  數字(0-9)  -_.~ 4個特殊字符

以及所有保留字符(RFC3986中指定了以下字符為保留字符:!*'();:@&=+$,/?#[])

解決方法其實很簡單,可以通過修改 tomca t的 catalina.properties 的最后一行改為

tomcat.util.http.parser.HttpParser.requestTargetAllow=|{}

允許{}即可

 

測試結果

  • 按照 方法1 擴大header緩沖區后並沒有作用

    用的一直是 http 請求頭

    請求參數中並沒有特殊字符

暫時結論

  • GET請求攜帶內容過長,超過了限制長度

  • 中文未轉碼就進行傳輸,實際應用中標准方式是如果Url中有中文,則要先將中文轉碼后才進行請求

  • 2022.04.24 補充:訪問 Url 中包含特殊字符,排查自己項目請求相關代碼、排查服務器日志,是否被攻擊

解決辦法

  • 可以使用 POST 請求

  • 傳參前 對參數長度進行限制

  • 傳參前 對特殊字符進行轉碼

 

補充 ( 2022-04-24 )

今天又去看了下服務器,剛啟動就報了類似錯誤。

經過一番日志翻閱,我初步判定是雲服務器被攻擊了(報錯估計是入侵命令引發的)。

在我發文補充的時候翻閱日志又出現了新的攻擊日志,時不時來條格式化命令(可恨!

真誠建議大家做好雲服務器防護

日志中出現以下內容(下面僅為局部命令,來源查詢全部來自海外,估計是隱藏了IP,特殊部分標紅)

193.46.255.49 - - [24/Apr/2022:00:40:10 +0800] "GET / HTTP/1.1" 404 682
67.227.38.191 - - [24/Apr/2022:01:07:57 +0800] "GET / HTTP/1.1" 404 682
39.103.158.106 - - [24/Apr/2022:01:13:31 +0800] "-" 400 2003
39.103.158.106 - - [24/Apr/2022:01:13:31 +0800] "GET / HTTP/1.1" 404 682
45.83.66.245 - - [24/Apr/2022:01:20:10 +0800] "GET / HTTP/1.1" 404 682
45.83.67.120 - - [24/Apr/2022:01:20:11 +0800] "GET /favicon.ico HTTP/1.1" 404 682
101.133.225.252 - - [24/Apr/2022:01:29:00 +0800] "-" 400 2101
101.133.225.252 - - [24/Apr/2022:01:29:00 +0800] "GET / HTTP/1.1" 404 682
221.154.57.175 - - [24/Apr/2022:02:08:17 +0800] "CONNECT blog.naver.com:80 HTTP/1.1" 400 795
123.163.114.45 - - [24/Apr/2022:02:08:17 +0800] "HEAD / HTTP/1.1" 404 -
221.154.57.175 - - [24/Apr/2022:02:08:49 +0800] "CONNECT blog.naver.com:443 HTTP/1.1" 400 795
198.235.24.2 - - [24/Apr/2022:02:12:40 +0800] "-" 400 2047
167.94.145.57 - - [24/Apr/2022:02:26:40 +0800] "GET / HTTP/1.1" 404 682
167.94.145.57 - - [24/Apr/2022:02:26:40 +0800] "GET / HTTP/1.1" 404 682
178.32.215.187 - - [24/Apr/2022:02:29:15 +0800] "GET /.env HTTP/1.1" 404 682
20.24.218.150 - - [24/Apr/2022:02:48:08 +0800] "GET /.env HTTP/1.1" 404 682
20.24.218.150 - - [24/Apr/2022:02:48:08 +0800] "GET /wp-content/ HTTP/1.1" 404 682
101.133.143.142 - - [24/Apr/2022:03:00:20 +0800] "GET / HTTP/1.1" 404 682
47.103.8.114 - - [24/Apr/2022:03:05:52 +0800] "GET / HTTP/1.1" 404 682
106.75.28.105 - - [24/Apr/2022:03:12:21 +0800] "GET / HTTP/1.1" 404 682
106.75.28.105 - - [24/Apr/2022:03:12:21 +0800] "GET /favicon.ico HTTP/1.1" 404 682
106.75.28.105 - - [24/Apr/2022:03:12:22 +0800] "GET //robots.txt HTTP/1.1" 404 682
106.75.28.105 - - [24/Apr/2022:03:12:22 +0800] "GET //sitemap.xml HTTP/1.1" 404 682
106.75.28.105 - - [24/Apr/2022:03:12:22 +0800] "GET //.well-known/security.txt HTTP/1.1" 404 682
47.102.46.26 - - [24/Apr/2022:03:38:36 +0800] "GET / HTTP/1.1" 404 682
101.133.151.212 - - [24/Apr/2022:03:43:42 +0800] "GET / HTTP/1.1" 404 682
85.202.169.124 - - [24/Apr/2022:04:09:22 +0800] "GET /config/getuser?index=0 HTTP/1.1" 404 682
193.124.7.9 - - [24/Apr/2022:04:33:44 +0800] "POST /boaform/admin/formLogin HTTP/1.1" 404 682
51.222.253.11 - - [24/Apr/2022:05:55:52 +0800] "GET /robots.txt HTTP/1.1" 404 682
54.36.148.229 - - [24/Apr/2022:05:55:53 +0800] "GET / HTTP/1.1" 404 682
18.167.12.103 - - [24/Apr/2022:06:01:21 +0800] "GET / HTTP/1.1" 404 682
2.57.121.232 - - [24/Apr/2022:06:11:28 +0800] "GET / HTTP/1.1" 404 682
83.97.20.34 - - [24/Apr/2022:06:15:09 +0800] "GET / HTTP/1.0" 404 682
18.163.84.222 - - [24/Apr/2022:06:27:13 +0800] "GET / HTTP/1.1" 404 682
75.100.154.140 - - [24/Apr/2022:06:50:24 +0800] "GET /shell?cd+/tmp;rm+-rf+*;wget+ null" 400 1919
91.207.211.45 - - [24/Apr/2022:07:11:10 +0800] "GET / HTTP/1.1" 404 682
52.13.55.80 - - [24/Apr/2022:07:38:59 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:42:48 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:42:52 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:42:54 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:42:56 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:42:58 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:43:00 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:43:03 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:43:05 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:43:07 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:43:09 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:43:11 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:43:13 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:43:15 +0800] "CONNECT lvsenbao.cn:443 HTTP/1.1" 400 795
47.101.141.40 - - [24/Apr/2022:07:43:17 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:43:19 +0800] "CONNECT moyouyougame.com:2743 HTTP/1.1" 400 795
47.101.141.40 - - [24/Apr/2022:07:43:21 +0800] "GET / HTTP/1.1" 404 682
185.41.204.103 - - [24/Apr/2022:08:16:31 +0800] "GET / HTTP/1.1" 404 682
193.46.255.49 - - [24/Apr/2022:08:19:55 +0800] "GET / HTTP/1.1" 404 682
8.219.50.83 - - [24/Apr/2022:08:32:10 +0800] "GET / HTTP/1.1" 400 762
8.219.50.83 - - [24/Apr/2022:08:32:12 +0800] "-" 400 1915
8.219.50.83 - - [24/Apr/2022:08:32:18 +0800] "-" 400 1945
222.94.140.125 - - [24/Apr/2022:08:32:44 +0800] "-" 400 1931
47.92.132.229 - - [24/Apr/2022:08:44:47 +0800] "-" 400 2927
216.218.206.67 - - [24/Apr/2022:08:45:15 +0800] "GET / HTTP/1.1" 404 682
198.235.24.33 - - [24/Apr/2022:08:48:01 +0800] "GET / HTTP/1.1" 404 682
52.89.64.77 - - [24/Apr/2022:09:18:07 +0800] "GET / HTTP/1.1" 404 682

 


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level Tomcat:Error parsing HTTP request header Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level. tomcat報錯:七月 01, 2019 1:47:55 下午 org.apache.coyote.http11.AbstractHttp11Processor process 信息: Error parsing HTTP request header Note: further occurrences of HTTP header parsing errors will be logged a tomcat報錯: Error parsing HTTP request header Error parsing HTTP request header 錯誤解決方法 在Tomcat中遇到如下問題: Error parsing HTTP request header org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header Error parsing HTTP request header Larger錯誤解決方法 spring cloud provider報“Error parsing HTTP request header”,feign端報“Read timed out“ Parsing error: 'import' and 'export' may only appear at the top level
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM