Re: Tomcat8.5.53: HTTP requests parsing error

[Mark Thomas]

On 26/05/2021 09:02, Nada Mahmoud Ahmed Aboueata wrote:
Dear all,
We are using Tomcat 8.5.53, and I have been noticing the attached below 
exceptions in my logs. After looking deeply what kind of requests that 
caused these exception, I noticed that some request include Null http 
protocol and some special characters that cannot be handled by Tomcat. 
Also, we have noticed that these kind of requests might crash the web 
server from time-time and caused OutOfMemoryError.

That is highly unlikely. When an invalid request is received, Tomcat 
responds with a 400 response and closes the connection. The opportunity 
for an OOME is slim to nonexistant.

I am not sure if this issue is a bug in Tomcat 8.x that it cannot handle 
these requests, so could you please advise what’s recommended to avoid 
these exceptions?

There error message is clear:

"Invalid character found in the request target. The valid characters are 
defined in RFC 7230 and RFC 3986."

The client is sending an invaild HTTP request and Tomcat is, correctly, 
rejecting it.

The recommended way to address isses such as this is to fix the broken 
clients that are sending invalid HTTP requests.

Mark



02-Mar-2021 01:33:04.846 INFO 
[https-jsse-nio-185.37.108.150-8443-exec-31] 
org.apache.coyote.http11.Http11Processor.service Error parsing HTTP 
request header

Note: further occurrences of HTTP request parsing errors will be logged 
at DEBUG level.

         java.lang.IllegalArgumentException: Invalid character found in 
the HTTP protocol

                 at 
org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:567)

                 at 
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:502)

                 at 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)

                 at 
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818)

                 at 
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623)

                 at 
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                 at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

                 at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

                 at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                 at java.lang.Thread.run(Thread.java:748)

24-May-2021 23:04:00.693 INFO 
[https-jsse-nio-185.37.108.150-8443-exec-309] 
org.apache.coyote.http11.Http11Processor.service Error parsing HTTP 
request header

Note: further occurrences of HTTP request parsing errors will be logged 
at DEBUG level.

               java.lang.IllegalArgumentException: Invalid character 
found in the request target. The valid characters are defined in RFC 
7230 and RFC 3986

                              at 
org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:502)

                              at 
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:502)

                              at 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)

                              at 
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818)

                              at 
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623)

                              at 
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                              at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

                              at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

                              at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                              at java.lang.Thread.run(Thread.java:748)

Thanks!

Nada Aboueata



Nada Mahmoud Ahmed Aboueata
Application Developer
Information Technology Services Department
Tel.: +974 4403 6369
Fax: +974 4403 3401
Qatar University <http://www.qu.edu.qa>QU on Facebook 
<https://www.facebook.com/qataruniversity> QU on Twitter 
<https://twitter.com/qataruniversity> QU on YouTube 
<http://www.youtube.com/qataruniversity> QU on LinkedIn 
<http://www.linkedin.com/company/43068> QU on Instagram 
<http://instagram.com/qataruniversity> QU on Google+ 
<https://plus.google.com/+qataruniversity/posts> 	

*Our Vision:* To be regionally recognized for distinctive excellence in 
education and research, an institution of choice for students and 
scholars and a catalyst for the sustainable socio-economic development 
of Qatar.

*رؤيتنا*: أن تعرف جامعة قطر إقليمياً بتميزها النوعي في التعليم والبحث 
وبكونها الخيار المفضل لطلبة العلم والباحثين ومحفزاً للتنمية الاقتصادية 
والاجتماعية المستدامة لدولة قطر.




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org