Confluence log has java.lang.IllegalArgumentException: Invalid character (CR or LF) found in method name

Still need help?

The Atlassian Community is here for you.

Ask the community

This Knowledge Base article was written specifically for the Atlassian Server platform. Due to the Restricted functions in Atlassian Cloud apps, the contents of this article cannot be applied to Atlassian Cloud applications.

Problem

The following appears in the catalina.out or atlassian-confluence.log

Apr 15, 2016 10:44:21 PM org.apache.coyote.http11.AbstractHttp11Processor process
INFO: Error parsing HTTP request header
 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character (CR or LF) found in method name
    at org.apache.coyote.http11.AbstractNioInputBuffer.parseRequestLine(AbstractNioInputBuffer.java:228)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1009)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

Diagnosis

Environment

  • Confluence running on tomcat
  • If access logging is enabled, they show entries like this

    169.229.3.91 - - [15/Apr/2016:22:44:21 +1000] "-" 400 - "-" "-" null

Cause

A research scanning machine from the University of California at Berkeley regularly conducts scans of the entire Internet, so you may have been scanned as part of an ongoing research project.

The machines the scanning is coming from are

  1. http://researchscan0.eecs.berkeley.edu/
  2. http://researchscan1.eecs.berkeley.edu/
  3. http://researchscan2.eecs.berkeley.edu/
  4. http://researchscan3.eecs.berkeley.edu/
  5. http://researchscan4.eecs.berkeley.edu/

Resolution

If you have been or are currently being scanned and would like to opt out, please email cesr-scanning@lists.eecs.berkeley.edu with the IP ranges you would like to exclude in CIDR format. For most Confluence machines this is the single IP address that the machine is running on.

Last modified on May 24, 2016

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.