Dear Maxim,


Thank you for guiding us to enable maximum logging to identify the cause of 
the network connection failure in the OpenMeetings service.  We enabled advanced 
logging in our data center firewalls, namely the proxy server, network hardware 
firewall, web application firewall and load balancer.  This helped identify the 
misconfiguration in this data center infrastructure.  After suitably modifying 
the configuration, vanilla OM 3.3.0 is working fine in our data center network.

Your prompt responsiveness allows the OpenMeetings open source project to be a 
standout.



Post this successful test, we added our extensive customizations (to attract 
investors, customers and partners), built our custom version of OpenMeetings 
and launched it into production for use by our partners, employees and 
customers.  Thank you.



Sincerely,



Hemant K. Sabat



Coscend Communications Solutions

www.Coscend.com <http://www.coscend.com/>

------------------------------------------------------------------

Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, 
Telepresence Services, on the fly…

------------------------------------------------------------------

CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages 
from Coscend Communications Solutions' posted at: 
http://www.Coscend.com/Terms_and_Conditions.html



From: Maxim Solodovnik [mailto:[email protected]]
Sent: Thursday, July 27, 2017 11:28 PM
To: Openmeetings user-list <[email protected]>; 
[email protected]
Subject: Re: OM 3.3.0: IllegalArgumentException Upon Entering Room via Proxy 
Server



The issue is not reproducible using "vanilla" OM

This means it is caused by your proxy server (apache, nginx etc.)



so you have to enable detailed logs at your proxy server

especially rewrite related logs



On Fri, Jul 28, 2017 at 11:14 AM, Coscend@OM <[email protected]> wrote:

Dear Maxim,



To insert loggers and print stack traces, could you guide us as follows?



Upon parsing through code, we realized that the security header filters 
(perhaps backported from 4.0.0) are

-declared and instantiated in Application.java and

-a few initialized in OpenmeetingsVariables.java.

From where could we diff the new code of CVE-2017-76**, e.g., for CSRF, XSS, 
click-jacking, and MIME attacks?  We could not find JIRA issues so that we 
could review the diff.



Should this thread be deemed to belong to dev@..., please post it accordingly.

Thank you.



Sincerely,



Hemant K. Sabat






From: Maxim Solodovnik [mailto:[email protected]]
Sent: Thursday, July 27, 2017 8:32 PM
To: Openmeetings user-list <[email protected]>; [email protected]
Subject: Re: OM 3.3.0: IllegalArgumentException Upon Entering Room via Proxy 
Server



Hello Hemant,



Since it works without proxy, I guess the issue is with proxy rules

I believe you need to enable maximum logging for mod_rewrite and check what is 
being rewritten ...



On Fri, Jul 28, 2017 at 2:44 AM, Coscend@OM <[email protected]> wrote:

Dear OpenMeetings Community,

Your guidance on how to resolve the following two issues would be appreciated.

=====

Issue

-------

Through the proxy server, we are able to login to OpenMeetings.  Upon entering 
room, it gives

Error 204, 556, 642 (see attached).

NetConnection. Failed.

No feature in the room works.

If we bypass proxy server, OpenMeetings works seamlessly.  No customization has 
been done.  What could be causing this error?

Causes

--------

1. INFO: Error parsing HTTP request header

java.lang.IllegalArgumentException: Invalid character found in method name. 
HTTP method names must be tokens

2. Security framework of XStream not initialized, XStream is probably 
vulnerable.

Is this just a warning or code fault?



-------------------

Relevant Logs

-------------------

...[snipped]

Security framework of XStream not initialized, XStream is probably vulnerable.

...[snipped]

Jul 27, 2017 1:22:41 PM org.apache.coyote.http11.Http11Processor service
INFO: Error parsing HTTP request header
 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
        at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:422)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:667)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1441)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)

[INFO] [http-nio-10.10.10.105-6083-exec-2] org.apache.coyote.http11.Http11Processor - Error parsing HTTP request header
 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
        at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:422)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:667)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1441)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)

Jul 27, 2017 1:22:41 PM org.apache.coyote.http11.Http11Processor service
INFO: Error parsing HTTP request header
 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
        at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:422)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:667)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1441)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)

[INFO] [http-nio-10.10.10.105-6083-exec-9] org.apache.coyote.http11.Http11Processor - Error parsing HTTP request header
 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
        at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:422)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:667)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1441)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)


Sincerely,

Hemant K. Sabat










--

WBR
Maxim aka solomax







--

WBR
Maxim aka solomax


