java.lang.IllegalArgumentException：方法名称中找到无效字符（CR或LF） [英] java.lang.IllegalArgumentException: Invalid character (CR or LF) found in method name

问题描述

我在Tomcat8上运行了一个Spring MVC应用程序。一天或两天后，我的日志文件中出现异常

I have a Spring MVC application running on Tomcat8. Once in a day or two I get an exception in my log file

15-Jun-2016 10:43:39.832 INFO [http-nio-8080-exec-50] org.apache.coyote.http11.AbstractHttp11Processor.process Error parsing HTTP request header
 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
 java.lang.IllegalArgumentException: Invalid character (CR or LF) found in method name
    at org.apache.coyote.http11.AbstractNioInputBuffer.parseRequestLine(AbstractNioInputBuffer.java:228)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1009)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1502)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1458)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

有人知道这是什么可能是？

does anybody have an idea what this might be?

推荐答案

此错误是由格式错误的HTTP请求引起的。
在大多数情况下，此消息具有误导性，因为当您尝试通过https访问不安全的页面时，通常会发生此错误。
Tomcat不知道传入的请求是加密的，并且正在尝试将此请求解释为普通的，不安全的http请求。

This error is caused by malformed HTTP request. In most cases this message is misleading because this error usually happens when you are trying to access unsecured page through https. Tomcat doesn't know that incoming request is encrypted and is trying to interpret this request as plain, unsecured http request.

这就是它在日志中的样子：

标准，正确的HTTP请求（ http：// localhost：8080 ）

Standard, proper HTTP request (http://localhost:8080)

Received [GET /index.html HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.76 Mobile Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, sdch
Accept-Language: pl,en-US;q=0.8,en;q=0.6
Cookie: Idea-xxxxx; JSESSIONID=3dxxxxx

] 

HTTPS请求（ https：// localhost：8080 ）

HTTPS request (https://localhost:8080)

Received [¹µHÄ;ß!P@<¿
                                                                                                                                #|vFBb-Ëiø/5
jÿ

                   hhttp/1.1uP
                               
] 

正如你所看到的在第二个请求中，有未知的字符而不是正确的HTTP方法名称（例如GET）

As you can see in second request, there are unknown chars instead of proper HTTP method name (e.g. GET)

因此，如果您的服务器没有SSL配置并且错误发生一天一次或两个，然后可能有人试图通过https（可能是某种机器人）到达你的网站

So if your server has no SSL configuration and error occurs "once in a day or two", then probably someone is trying to reach your website through https (probably some kind of bot)

最终有人试图发送不安全但格式错误的普通HTTP请求（通过他自己的应用程序 - 机器人或其他自定义客户端。

Eventually someone is trying to send nonsecured but malformed plain HTTP request (through his own application - bot or other custom client).

这篇关于java.lang.IllegalArgumentException：方法名称中找到无效字符（CR或LF）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！