Jetty-9 warning: badMessage: 400 Illegal character

不想你离开。 提交于 2019-12-30 07:51:43

问题


I am using jetty-9.2.2 with CometD-3.0.1. I am seeing below warning in my setup. It comes ~4,5 times in a day.:

2014-08-28 08:50:53.712:WARN:oejh.HttpParser:qtp607635164-15194: badMessage: 
    400 Illegal character for HttpChannelOverHttp@5946f125{r=1,a=IDLE,uri=-}  

There is no details that can be debugged from the warning message. I have already logged a request https://bugs.eclipse.org/bugs/show_bug.cgi?id=443049 to provide detailed warning.

Meanwhile I want to know what is causing this warning? Can I ignore this or some messages are lost because of this?


回答1:


I had the same error, then found out that it was caused by I'm using https in the url instead of http. (My application only supports http at that time.) After changing https to http, it was solved.




回答2:


Update May 2017

For Jetty 9.3+ users, you might see a log message that makes this response code more clear.

See Header parse error after upgrade to Jetty 9.3 for details.

Original Answer

The Bad Message: 400 Illegal Character can occur during parsing of a bad HTTP Request.

That is the HTTP error response that the client sees.

Some (not all) situations in which it can occur.

  • The EOL is not "\r\n" (CR + LF) (HTTP spec requirement)
  • The HTTP Method token is either not recognized or has invalid whitespace after it
  • The HTTP Version is not recognized or has invalid characters
  • HTTP Header name does not follow spec
  • HTTP Header value does not follow spec

This message is common on public (internet facing) servers.

You have bad HTTP requests coming in. Why?

  • A legitimate HTTP client has a bug
  • A legitimate HTTP client is not following the HTTP spec
  • A non HTTP client attempted to connect to your server (such as attempting to use non-encrypted HTTP on a SSL/TLS/HTTPS port, or even something as odd as an SMTP/IMAP email client attempting to talk to your HTTP port)
  • A malicious client is attempting to probe your system for weaknesses



回答3:


This error can be caused, as it was for me, by a silly little mistake.

When testing on my localhost Jetty instance, I received a very similar 400 Illegal Character message. Then I realized why. I had simply assumed application address on my local Jetty was:

https://localhost:8080

whereas the correct address was unsecured:

http://localhost:8080

No problems after that.




回答4:


Jetty is cautious about detailed error messages that include user sent data, as these can be part of an attack - even if echo'd just to a terminal.

However, we can do better and log some sanitised data. Acting on the bugzilla




回答5:


Well, I met this problem because I mistook the "http://" as "https://"



来源:https://stackoverflow.com/questions/25625410/jetty-9-warning-badmessage-400-illegal-character

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!