Dear all, We are using Tomcat 8.5.53, and I have been noticing the attached below exceptions in my logs. After looking deeply what kind of requests that caused these exception, I noticed that some request include Null http protocol and some special characters that cannot be handled by Tomcat. Also, we have noticed that these kind of requests might crash the web server from time-time and caused OutOfMemoryError.
I am not sure if this issue is a bug in Tomcat 8.x that it cannot handle these requests, so could you please advise what’s recommended to avoid these exceptions? 02-Mar-2021 01:33:04.846 INFO [https-jsse-nio-185.37.108.150-8443-exec-31] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level. java.lang.IllegalArgumentException: Invalid character found in the HTTP protocol at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:567) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:502) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) 24-May-2021 23:04:00.693 INFO [https-jsse-nio-185.37.108.150-8443-exec-309] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level. java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986 at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:502) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:502) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) Thanks! Nada Aboueata Nada Mahmoud Ahmed Aboueata Application Developer Information Technology Services Department Tel.: +974 4403 6369 Fax: +974 4403 3401 [Qatar University]<http://www.qu.edu.qa>[QU on Facebook]<https://www.facebook.com/qataruniversity> [QU on Twitter] <https://twitter.com/qataruniversity> [QU on YouTube] <http://www.youtube.com/qataruniversity> [QU on LinkedIn] <http://www.linkedin.com/company/43068> [QU on Instagram] <http://instagram.com/qataruniversity> [QU on Google+] <https://plus.google.com/+qataruniversity/posts> Our Vision: To be regionally recognized for distinctive excellence in education and research, an institution of choice for students and scholars and a catalyst for the sustainable socio-economic development of Qatar. رؤيتنا: أن تعرف جامعة قطر إقليمياً بتميزها النوعي في التعليم والبحث وبكونها الخيار المفضل لطلبة العلم والباحثين ومحفزاً للتنمية الاقتصادية والاجتماعية المستدامة لدولة قطر.