Strange requests in access logs lead to IllegalArgumentException


Problem description

I am using tomcat8.0.43 as my server.

When reviewing my logs, occasionally I see:

[...]INFO[...] org.apache.coyote.http11.AbstractHttp11Processor.process Error parsing HTTP request header
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level. java.lang.IllegalArgumentException: Invalid character found in the HTTP protocol

Or:

java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

If I look at my access logs, I see that the URLs that were requested to yield these exceptions were things like:

"GET /scripts/index.php?OPT_Session= null" 400

Or:

"GET null null" 400

Was I correct in identifying the requests that caused the exceptions to be thrown?

Is there anything that I can do to stop these exceptions from being thrown or restrict these requests from being made?

A normal browser doesn't even allow a client to enter a URL with a space in it. It appears these requests do have spaces in them though.

Thanks.

Recommended answer

The requests are most probably attacks. If you are running an Internet-facing web server you have to live with them. It is fairly common to put a web server such as Apache in front of Tomcat, possibly configured with mod_security (https://modsecurity.org). In addition you could use fail2ban or a similar solution in order to ban IPs based on errors in the log. However, in my recent experience attackers tend to use a wide range of IP addresses, so fail2ban may not be very effective.
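
To check which access-log entries correspond to the rejected request lines, and how many distinct sources they come from before relying on IP bans, the following added example (not part of the original question or answer) scans 400 responses for request lines that do not match the RFC 7230 form. It assumes Tomcat's "common" access log pattern; the sample lines, IP addresses and reason labels are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the "common" pattern (%h %l %u %t "%r" %s %b),
# using documentation IP ranges; the two malformed shapes are those on this page.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2017:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.9 - - [12/Mar/2017:10:01:05 +0000] "GET /scripts/index.php?OPT_Session= null" 400 -
203.0.113.44 - - [12/Mar/2017:10:02:11 +0000] "GET null null" 400 -
192.0.2.15 - - [12/Mar/2017:10:03:40 +0000] "POST /login HTTP/1.1" 400 312
203.0.113.9 - - [12/Mar/2017:10:04:00 +0000] "GET null null" 400 -
"""

LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>.*)" (?P<status>\d{3}) \S+$')
# RFC 7230 request-line: method SP request-target SP HTTP-version.
# The method is a token; the request-target may not contain whitespace.
REQUEST_LINE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+ \S+ HTTP/\d\.\d$")

def classify(req):
    """Return None for a well-formed request line, else a short reason label."""
    if REQUEST_LINE.match(req):
        return None
    parts = req.split(" ")
    # Assumption: a literal "null" marks a field the server never parsed.
    if len(parts) == 3 and parts[1] == "null" and parts[2] == "null":
        return "null-target-and-protocol"
    if parts[-1] == "null":
        return "null-protocol"
    return "other-malformed"

def malformed_400s(log_text):
    """Yield (ip, reason, request) for each 400 whose request line is malformed."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m.group("status") != "400":
            continue
        reason = classify(m.group("req"))
        if reason:
            yield m.group("ip"), reason, m.group("req")

def summarize(log_text):
    """Return the list of hits and a per-source-IP count of them."""
    hits = list(malformed_400s(log_text))
    return hits, Counter(ip for ip, _, _ in hits)

if __name__ == "__main__":
    hits, per_ip = summarize(SAMPLE_LOG)
    for ip, reason, req in hits:
        print(f"{ip:15} {reason:26} {req!r}")
    print(len(hits), "rejected request lines from", len(per_ip), "distinct sources")
```

A low ratio of rejected requests to distinct sources is the situation the answer describes, where per-IP banning does little; the well-formed `POST /login` 400 is deliberately not flagged because it was rejected for some other reason.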
