问题
I am using jetty-9.2.2 with CometD-3.0.1. I am seeing below warning in my setup. It comes ~4,5 times in a day.:
2014-08-28 08:50:53.712:WARN:oejh.HttpParser:qtp607635164-15194: badMessage:
400 Illegal character for HttpChannelOverHttp@5946f125{r=1,a=IDLE,uri=-}
There is no details that can be debugged from the warning message. I have already logged a request https://bugs.eclipse.org/bugs/show_bug.cgi?id=443049 to provide detailed warning.
Meanwhile I want to know what is causing this warning? Can I ignore this or some messages are lost because of this?
回答1:
I had the same error, then found out that it was caused by I'm using https in the url instead of http. (My application only supports http at that time.) After changing https to http, it was solved.
回答2:
Update May 2017
For Jetty 9.3+ users, you might see a log message that makes this response code more clear.
See Header parse error after upgrade to Jetty 9.3 for details.
Original Answer
The Bad Message: 400 Illegal Character can occur during parsing of a bad HTTP Request.
That is the HTTP error response that the client sees.
Some (not all) situations in which it can occur.
- The EOL is not "\r\n" (CR + LF) (HTTP spec requirement)
- The HTTP Method token is either not recognized or has invalid whitespace after it
- The HTTP Version is not recognized or has invalid characters
- HTTP Header name does not follow spec
- HTTP Header value does not follow spec
This message is common on public (internet facing) servers.
You have bad HTTP requests coming in. Why?
- A legitimate HTTP client has a bug
- A legitimate HTTP client is not following the HTTP spec
- A non HTTP client attempted to connect to your server (such as attempting to use non-encrypted HTTP on a SSL/TLS/HTTPS port, or even something as odd as an SMTP/IMAP email client attempting to talk to your HTTP port)
- A malicious client is attempting to probe your system for weaknesses
回答3:
This error can be caused, as it was for me, by a silly little mistake.
When testing on my localhost Jetty instance, I received a very similar 400 Illegal Character message. Then I realized why. I had simply assumed application address on my local Jetty was:
https://localhost:8080
whereas the correct address was unsecured:
http://localhost:8080
No problems after that.
回答4:
Jetty is cautious about detailed error messages that include user sent data, as these can be part of an attack - even if echo'd just to a terminal.
However, we can do better and log some sanitised data. Acting on the bugzilla
回答5:
Well, I met this problem because I mistook the "http://" as "https://"
来源:https://stackoverflow.com/questions/25625410/jetty-9-warning-badmessage-400-illegal-character