On Wed, Jun 17, 2020 at 8:25 AM Victor Norman <[email protected]> wrote:

> All,
>
> I occasionally see this in my catalina log file:
>
> 17-Jun-2020 06:29:57.499 INFO [http-nio-8080-exec-2]
> org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request
> header
>  Note: further occurrences of HTTP request parsing errors will be logged
> at DEBUG level.
>         java.lang.IllegalArgumentException: Invalid character found in
> method name. HTTP method names must be tokens
>                 at
> org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:416)
>                 at
> org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:260)
>                 at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
>                 at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
>                 at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
>                 at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>                 at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>                 at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>                 at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>                 at java.lang.Thread.run(Thread.java:748)
>
> We are set up to use header authentication -- so at
> https://agora2004.cs.calvin.edu we have an nginx server running as a
> proxy. It adds the correct header to the http request and forwards to
> agora2004.cs.calvin.edu:8080 where tomcat9 is listening.
>
> Is it possible that this error is just from some bot trying to connect to
> 8080 directly?  Or is this indicative of some other problem?
>
>
Yes, quite possibly.  Generally if you're proxying your Guacamole install
behind an Nginx server you want to block direct traffic to the Tomcat
server, particularly if Nginx is responsible for authenticating users.
Otherwise you run the risk of someone being able to guess at the headers
you're using to authenticate and passing themselves off as anyone (like
guacadmin).

-Nick
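The two points in this exchange, as an added example that is not part of the thread and not code from Guacamole or Tomcat. The first half models why a scanner that reaches port 8080 directly produces "Invalid character found in method name. HTTP method names must be tokens": Tomcat requires the request method to be an RFC 7230 token, and a TLS ClientHello or other binary probe sent to the plaintext connector fails that check on its first byte. The second half models Nick's warning: a backend doing header authentication cannot distinguish a header set by nginx from one set by the client, so the only thing that makes the header trustworthy is that the client cannot reach Tomcat except through the proxy. The sample probes are constructed; the header name REMOTE_USER and the proxy address 127.0.0.1 are assumptions for this example.

```python
"""
Added example, not from the mailing-list thread and not Guacamole/Tomcat code.

Part 1: which raw request bytes would make Tomcat log
        "Invalid character found in method name. HTTP method names must be tokens".
Part 2: why a forged auth header works against a directly reachable backend,
        and what restricting access to the proxy's network path buys you.
"""
from typing import Dict, Optional, Tuple

# RFC 7230 "tchar": the only characters allowed in an HTTP method name.
TCHAR = set("!#$%&'*+-.^_`|~0123456789"
            "abcdefghijklmnopqrstuvwxyz"
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ")


def method_parse_error(raw: bytes) -> Optional[str]:
    """Describe the request-line parse failure a token-strict parser would hit
    on the method of `raw`, or return None if the method is a valid token."""
    line = raw.split(b"\r\n", 1)[0]        # first line only
    method = line.split(b" ", 1)[0]        # method is everything before the first SP
    if not method:
        return "empty method"
    for b in method:
        if chr(b) not in TCHAR:
            return "Invalid character found in method name (byte 0x%02x)" % b
    return None


# Constructed sample probes, the kind of traffic a bot sends to :8080 directly.
SAMPLE_PROBES = {
    "plain GET": b"GET /guacamole/ HTTP/1.1\r\nHost: x\r\n\r\n",
    # A TLS ClientHello record header aimed at a plaintext HTTP port.
    "tls to plaintext port": b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03",
    "binary junk": b"\x00\x00\x00\x10SSH-2.0-probe\r\n",
    # A control character (DEL) inside an otherwise plausible method.
    "control char": b"G\x7fT / HTTP/1.1\r\n\r\n",
}


def classify_probes(probes: Dict[str, bytes] = SAMPLE_PROBES) -> Dict[str, bool]:
    """Map each probe name to True if it would trigger the parsing-error log line."""
    return {name: method_parse_error(raw) is not None for name, raw in probes.items()}


# Part 2: header authentication behind a proxy.
AUTH_HEADER = "REMOTE_USER"   # assumption: the header nginx sets for Guacamole
TRUSTED_PROXY = "127.0.0.1"   # assumption: nginx runs on the same host as Tomcat


def trust_header_blindly(headers: Dict[str, str]) -> Optional[str]:
    """What a header-auth backend does: whoever the header names is logged in."""
    return headers.get(AUTH_HEADER)


def authenticated_user(peer_ip: str, headers: Dict[str, str]) -> Optional[str]:
    """Models the effect of only letting the proxy reach Tomcat: the header is
    honoured only when the TCP peer is the proxy. In a real deployment this
    restriction lives in the network (Tomcat bound to 127.0.0.1, or a firewall),
    not in application code; the function just shows what it achieves."""
    if peer_ip != TRUSTED_PROXY:
        return None
    return trust_header_blindly(headers)


def demo_header_trust() -> Tuple[Optional[str], Optional[str], Optional[str]]:
    """Same forged header, three situations:
    1. no network restriction, request straight to :8080  -> 'guacadmin'
    2. restriction in place, request via nginx (localhost) -> 'guacadmin'
    3. restriction in place, request straight from outside -> None"""
    forged = {AUTH_HEADER: "guacadmin"}
    unrestricted_direct = trust_header_blindly(forged)
    via_proxy = authenticated_user(TRUSTED_PROXY, forged)
    restricted_direct = authenticated_user("203.0.113.7", forged)
    return unrestricted_direct, via_proxy, restricted_direct


if __name__ == "__main__":
    for name, hit in classify_probes().items():
        print(f"{name:24s} -> {'parse error logged' if hit else 'parsed OK'}")
    print("header trust (unrestricted direct, via proxy, restricted direct):",
          demo_header_trust())
```

The practical check this suggests: from a host other than the nginx box, run `curl -H 'REMOTE_USER: guacadmin' http://agora2004.cs.calvin.edu:8080/guacamole/` and confirm the connection is refused or filtered rather than answered. The usual ways to get there are the `address="127.0.0.1"` attribute on the Tomcat HTTP Connector in server.xml, or a host firewall rule that only admits 8080 from the proxy; either one also makes the scanner noise in catalina.out disappear, since the probes never reach Tomcat.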
