如何防止 Spring 引导应用程序中格式错误的请求的异常日志
How to prevent exception logs of malformed requests in Spring Boot Application
Spring 引导 2.6.x
May 11 14:08:41 ubuntu java[1831]: 2022-05-11 14:08:41.239 INFO 1831 --- [nio-2023-exec-7] o.apache.coyote.http11.Http11Processor : Error parsing HTTP request header
May 11 14:08:41 ubuntu java[1831]: Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
May 11 14:08:41 ubuntu java[1831]: java.lang.IllegalArgumentException: Invalid character found in method name [0xff0x0a0x00D0x000x080xc10xff...]. HTTP method names must be tokens
May 11 14:08:41 ubuntu java[1831]: at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:419)
May 11 14:08:41 ubuntu java[1831]: at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:271)
May 11 14:08:41 ubuntu java[1831]: at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
May 11 14:08:41 ubuntu java[1831]: at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890)
May 11 14:08:41 ubuntu java[1831]: at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743)
May 11 14:08:41 ubuntu java[1831]: at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
May 11 14:08:41 ubuntu java[1831]: at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
May 11 14:08:41 ubuntu java[1831]: at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
May 11 14:08:41 ubuntu java[1831]: at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
May 11 14:08:41 ubuntu java[1831]: at java.base/java.lang.Thread.run(Thread.java:833)
May 11 14:39:04 ubuntu java[1831]: 2022-05-11 14:39:04.939 INFO 1831 --- [nio-2023-exec-3] o.apache.coyote.http11.Http11Processor : Error parsing HTTP request header
May 11 14:39:04 ubuntu java[1831]: Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
May 11 14:39:04 ubuntu java[1831]: java.lang.IllegalArgumentException: Invalid character found in the HTTP protocol [RTSP/1.00x0d0x0a0x0d0x0a...]
May 11 14:39:04 ubuntu java[1831]: at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:570)
May 11 14:39:04 ubuntu java[1831]: at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:271)
May 11 14:39:04 ubuntu java[1831]: at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
May 11 14:39:04 ubuntu java[1831]: at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890)
May 11 14:39:04 ubuntu java[1831]: at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743)
May 11 14:39:04 ubuntu java[1831]: at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
May 11 14:39:04 ubuntu java[1831]: at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
May 11 14:39:04 ubuntu java[1831]: at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
May 11 14:39:04 ubuntu java[1831]: at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
May 11 14:39:04 ubuntu java[1831]: at java.base/java.lang.Thread.run(Thread.java:833)
注意异常部分:
method name [0xff0x0a0x00D0x000x080xc10xff...],
HTTP protocol [RTSP/1.00x0d0x0a0x0d0x0a...]
这些必须是随机传入的攻击请求。
有什么方法可以防止这些异常日志吗?
这是一个经常重启的服务吗?例如,您收到 starts-up Tomcat 的请求,然后 shuts-down,只是为了在那之后重新启动另一个请求?
Tomcat 只会在 INFO 级别记录您在上面看到的每 运行 一次消息,之后的消息将在 DEBUG 级别记录(就像消息说的那样):
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
因此它不会记录每个错误...只是每次 HttpProcessor 为 re-initialized.
时的第一个错误
如果这些日志消息令人讨厌,您有以下几种选择:
- 调查为什么您会收到这样的损坏请求并尽量减少它们(修复损坏的客户端?使用防火墙?)
- 保持Tomcat 运行宁更长时间;您的日志中的错误会更少
- 将 org.apache.coyote.http11.Http11Processor 记录器的日志级别设置为
ERROR
Spring 引导 2.6.x
May 11 14:08:41 ubuntu java[1831]: 2022-05-11 14:08:41.239 INFO 1831 --- [nio-2023-exec-7] o.apache.coyote.http11.Http11Processor : Error parsing HTTP request header
May 11 14:08:41 ubuntu java[1831]: Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
May 11 14:08:41 ubuntu java[1831]: java.lang.IllegalArgumentException: Invalid character found in method name [0xff0x0a0x00D0x000x080xc10xff...]. HTTP method names must be tokens
May 11 14:08:41 ubuntu java[1831]: at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:419)
May 11 14:08:41 ubuntu java[1831]: at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:271)
May 11 14:08:41 ubuntu java[1831]: at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
May 11 14:08:41 ubuntu java[1831]: at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890)
May 11 14:08:41 ubuntu java[1831]: at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743)
May 11 14:08:41 ubuntu java[1831]: at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
May 11 14:08:41 ubuntu java[1831]: at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
May 11 14:08:41 ubuntu java[1831]: at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
May 11 14:08:41 ubuntu java[1831]: at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
May 11 14:08:41 ubuntu java[1831]: at java.base/java.lang.Thread.run(Thread.java:833)
May 11 14:39:04 ubuntu java[1831]: 2022-05-11 14:39:04.939 INFO 1831 --- [nio-2023-exec-3] o.apache.coyote.http11.Http11Processor : Error parsing HTTP request header
May 11 14:39:04 ubuntu java[1831]: Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
May 11 14:39:04 ubuntu java[1831]: java.lang.IllegalArgumentException: Invalid character found in the HTTP protocol [RTSP/1.00x0d0x0a0x0d0x0a...]
May 11 14:39:04 ubuntu java[1831]: at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:570)
May 11 14:39:04 ubuntu java[1831]: at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:271)
May 11 14:39:04 ubuntu java[1831]: at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
May 11 14:39:04 ubuntu java[1831]: at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890)
May 11 14:39:04 ubuntu java[1831]: at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743)
May 11 14:39:04 ubuntu java[1831]: at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
May 11 14:39:04 ubuntu java[1831]: at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
May 11 14:39:04 ubuntu java[1831]: at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
May 11 14:39:04 ubuntu java[1831]: at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
May 11 14:39:04 ubuntu java[1831]: at java.base/java.lang.Thread.run(Thread.java:833)
注意异常部分:
method name [0xff0x0a0x00D0x000x080xc10xff...],
HTTP protocol [RTSP/1.00x0d0x0a0x0d0x0a...]
这些必须是随机传入的攻击请求。
有什么方法可以防止这些异常日志吗?
这是一个经常重启的服务吗?例如,您收到 starts-up Tomcat 的请求,然后 shuts-down,只是为了在那之后重新启动另一个请求?
Tomcat 只会在 INFO 级别记录您在上面看到的每 运行 一次消息,之后的消息将在 DEBUG 级别记录(就像消息说的那样):
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
因此它不会记录每个错误...只是每次 HttpProcessor 为 re-initialized.
时的第一个错误如果这些日志消息令人讨厌,您有以下几种选择:
- 调查为什么您会收到这样的损坏请求并尽量减少它们(修复损坏的客户端?使用防火墙?)
- 保持Tomcat 运行宁更长时间;您的日志中的错误会更少
- 将 org.apache.coyote.http11.Http11Processor 记录器的日志级别设置为
ERROR