Error parsing HTTP request header


Ber4ber43
Posts: 79
Joined: 30 Apr 2019, 14:35

Error parsing HTTP request header

Postby Ber4ber43 » 24 Apr 2022, 13:11

Hi everyone,

I found this strange request in my online server:


apr 24, 2022 1:17:06 PM org.apache.coyote.http11.Http11Processor service
INFORMAZIONI: Error parsing HTTP request header
 Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in the request target [/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 ]. The valid characters are defined in RFC 7230 and RFC 3986
        at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:494)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:269)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:895)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1722)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
        at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.base/java.lang.Thread.run(Thread.java:829)

I wonder, is it possible to download some information via an HTTP request?

My best regards
Lapo
Site Admin
Posts: 23008
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: Error parsing HTTP request header

Postby Lapo » 25 Apr 2022, 10:50

Hi,
this is the result of some garbage request sent to the embedded HTTP server running with SFS2X.
It can happen, as there are thousands (millions actually) of web-bots scanning the web for all kinds of purposes, some of which are not very ethical, such as trying to find specific vulnerable websites and apps.

These log messages can be annoying but they're generally harmless, unless you get thousands of these per day, in which case it would indicate an ongoing flooding attempt.

Cheers
Lapo
--
gotoAndPlay()
...addicted to flash games
Ber4ber43
Posts: 79
Joined: 30 Apr 2019, 14:35

Re: Error parsing HTTP request header

Postby Ber4ber43 » 26 Apr 2022, 01:54

Hi,
I counted 200 in one day, and I stopped counting.
In this case what can I do?
I tried to ban by IP, but the next day the problem came back with a different IP.
Lapo
Site Admin
Posts: 23008
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: Error parsing HTTP request header

Postby Lapo » 26 Apr 2022, 06:32

Banning by IP may not be enough in these cases, because that's for users that actually attempt to log in, while in this case it looks like these are just random calls from a client that doesn't even know what SFS2X is.

Blocking the attacker's IP via a firewall would probably be the best solution.
However, it may also be that these requests, while annoying, are not really causing any issue to the server itself. In order to determine that, you would need to monitor your server and see if you have any significant CPU or network spikes at the time these requests are received.

Cheers
Lapo

--

gotoAndPlay()

...addicted to flash games
Ber4ber43
Posts: 79
Joined: 30 Apr 2019, 14:35

Re: Error parsing HTTP request header

Postby Ber4ber43 » 27 Apr 2022, 00:01

I monitored the network, I receive requests of 300mb and the connection to the server seems absent because it is all busy in that request, but exceeding 50mb the request is interrupted. The problem is that I receive many requests of this type, some even of 1gb.

I banned the IP both on SmartFox and through the firewall, but after a few hours it comes back with a different IP.

Do you have definitive solutions?
Lapo
Site Admin
Posts: 23008
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: Error parsing HTTP request header

Postby Lapo » 27 Apr 2022, 07:39

Hi,
"I monitored the network, I receive requests of 300mb and the connection to the server seems absent because it is all busy in that request"

I am not sure I understand.
You mean you have big CPU spikes due to very large requests?
How did you determine that a single request was 300MB exactly? And what kind of request are we talking about? HTTP I would expect?

Thanks
Lapo

--

gotoAndPlay()

...addicted to flash games
Ber4ber43
Posts: 79
Joined: 30 Apr 2019, 14:35

Re: Error parsing HTTP request header

Postby Ber4ber43 » 27 Apr 2022, 14:47

From this:


Message: Incoming request size too large: 1701604463, Current limit: 500000,


Then I wrote a little program that saves the network usage every 5 seconds, and when these requests arrive, the network usage increases to 5mbit, taking up all the bandwidth.
Lapo
Site Admin
Posts: 23008
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: Error parsing HTTP request header

Postby Lapo » 28 Apr 2022, 08:54

I see. So it looks like a denial-of-service attack, trying to exhaust the server-side resources.
To fight these things you need to analyze the traffic, see what protocols are being used and create firewall rules that can mitigate the attack.

If IP blocking is not enough, you could work with the protocol itself and deny very large requests (especially if coming via HTTP) or limit the frequency of unwanted requests.

Cheers
Lapo

--

gotoAndPlay()

...addicted to flash games
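
As an added example (not code from the thread or from SmartFoxServer), one way to start the traffic analysis suggested above is to triage the two log messages quoted in this thread. The function names, labels and sample lines are constructed, and reading the logged size as a 4-byte big-endian field is an assumption.

```python
import re
import struct
from collections import Counter

# Message formats are the two quoted in the thread; everything else is constructed.
TARGET_RE = re.compile(r"Invalid character found in the request target \[(.*?)\s*\]\. The valid")
SIZE_RE = re.compile(r"Incoming request size too large: (\d+), Current limit: (\d+)")

def size_as_text(size):
    """Return the 4 big-endian bytes of `size` as text if all are printable ASCII.

    Assumption: the server read the length from a 4-byte big-endian field.
    A printable result suggests the "size" is really text sent by a client
    speaking some other protocol, not the length of data actually received.
    """
    if not 0 <= size <= 0xFFFFFFFF:
        return None
    raw = struct.pack(">I", size)
    return raw.decode("ascii") if all(0x20 <= b < 0x7F for b in raw) else None

def classify(line):
    """Label one log line, or return None if it is neither message type."""
    m = TARGET_RE.search(line)
    if m:
        # A PHP/ASP path sent to a Java server points to a generic web scanner.
        path = m.group(1).split("?", 1)[0].lower()
        probe = path.endswith((".php", ".asp", ".aspx", ".cgi"))
        return "foreign-stack-probe" if probe else "malformed-target"
    m = SIZE_RE.search(line)
    if m:
        return "text-as-length" if size_as_text(int(m.group(1))) else "oversized"
    return None

def summarize(lines):
    """Count labelled lines so daily totals can be compared against a baseline."""
    return Counter(label for label in map(classify, lines) if label)

# Constructed sample lines in the two formats shown in the thread.
SAMPLE = [
    "java.lang.IllegalArgumentException: Invalid character found in the request target "
    "[/index.php?s=/Index/x ]. The valid characters are defined in RFC 7230 and RFC 3986",
    "Message: Incoming request size too large: 1701604463, Current limit: 500000,",
    "Message: Incoming request size too large: 900000, Current limit: 500000,",
]

if __name__ == "__main__":
    print(size_as_text(1701604463))
    print(dict(summarize(SAMPLE)))
```

The value quoted in the thread, 1701604463, is 0x656C6C6F, which is the ASCII text "ello". Under the stated assumption, that is consistent with a client sending plain text to a binary-protocol port rather than with 1.7 GB of data arriving.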
Ber4ber43
Posts: 79
Joined: 30 Apr 2019, 14:35

Re: Error parsing HTTP request header

Postby Ber4ber43 » 28 Apr 2022, 12:26

These are things I've never done, do you have a guide that I can pass on?
Lapo
Site Admin
Posts: 23008
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: Error parsing HTTP request header

Postby Lapo » 28 Apr 2022, 14:39

Hi,
sorry, I don't have a specific guide. This is a subject that goes beyond SmartFoxServer and has to do with system/network administration in general. If you are not familiar with these concepts, I'd rather recommend getting in touch with your hosting support, explaining the issues you have seen and asking if they can help mitigate those malicious requests.

Cheers
Lapo

--

gotoAndPlay()

...addicted to flash games
Ber4ber43
Posts: 79
Joined: 30 Apr 2019, 14:35

Re: Error parsing HTTP request header

Postby Ber4ber43 » 29 Apr 2022, 04:14

Their answer: Unfortunately, we cannot limit the traffic routed.
Rob
Posts: 53
Joined: 01 Jul 2017, 07:33

Re: Error parsing HTTP request header

Postby Rob » 29 Apr 2022, 09:11

You probably need to switch hosting or look into services from 3rd parties like Cloudflare: https://www.cloudflare.com/ddos/
Ber4ber43
Posts: 79
Joined: 30 Apr 2019, 14:35

Re: Error parsing HTTP request header

Postby Ber4ber43 » 29 Apr 2022, 21:31

Yes, it's time to change hosting.
