Seemingly random calls to /error in Spring Boot
Question
I have a Spring Boot app deployed on an AWS EC2 instance. I've noticed in the logs some warnings which I've never seen locally:
05:16:45.271 [http-nio-8080-exec-4] WARN o.s.w.s.m.s.DefaultHandlerExceptionResolver - Resolved [org.springframework.web.HttpMediaTypeNotAcceptableException: Could not parse 'Accept' header [/]: Invalid mime type "/": does not contain subtype after '/']
These seem to occur at least a few times a day, at what seems to be random times. I added some extra logging and see these calls are coming from '/error'.
12:09:18.648 [http-nio-8080-exec-9] WARN c.a.h.config.CustomExceptionResolver - Resolved [org.springframework.web.HttpMediaTypeNotAcceptableException: Could not parse 'Accept' header [/]: Invalid mime type "/": does not contain subtype after '/'] for request: /error for user: null
Does anyone know where these calls are coming from, how I can track them down further or if it's just something to ignore? This service is publicly available so it could just be some random bot, but I would be interested to find out.
Answer 1
Score: 1
Nothing to worry about: Something - most likely a bot - has accessed your application with an invalid Accept header, and there's nothing much you can do about it. The good news is that you have nothing to worry about.
There are known security flaws in some HTTP servers that enable an attacker to trigger some exploitable behaviour with a particularly crafted request; e.g. HTTP header injection. That may be what the bot is trying to do, and your framework appears to have protected you from this attempt. All is well.
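One way to trace where these calls originate, as an added example that is not part of the question or the answer: the warning is logged against /error because Spring Boot's error handling forwards the failed request there, and the container attaches the original request's URI, status and exception as request attributes on that forward. This filter logs those attributes together with the raw Accept header and the client address; it assumes Spring Boot 3.x (jakarta.servlet) and that the app sits behind a load balancer that sets X-Forwarded-For (both assumptions, adjust to your setup).

```java
// Added example, not code from the question, the answer or Spring Boot itself.
// Logs the details of the ORIGINAL request whenever the container forwards to /error,
// so the source of unparsable Accept headers such as "/" can be traced in the logs.
// Assumes Spring Boot 3.x with jakarta.servlet.
import jakarta.servlet.FilterChain;
import jakarta.servlet.RequestDispatcher;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

import java.io.IOException;

@Component
public class ErrorOriginLoggingFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(ErrorOriginLoggingFilter.class);

    // OncePerRequestFilter skips ERROR dispatches by default; we need to see them.
    @Override
    protected boolean shouldNotFilterErrorDispatch() {
        return false;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        if ("/error".equals(request.getRequestURI())) {
            // Set by the servlet container on the error dispatch, not by our code.
            Object originalUri = request.getAttribute(RequestDispatcher.ERROR_REQUEST_URI);
            Object status = request.getAttribute(RequestDispatcher.ERROR_STATUS_CODE);
            Object exception = request.getAttribute(RequestDispatcher.ERROR_EXCEPTION);
            String accept = request.getHeader("Accept");           // raw value, e.g. "/"
            String forwardedFor = request.getHeader("X-Forwarded-For"); // assumption: set by the LB
            log.warn("/error dispatched for {} {} status={} accept=\"{}\" client={} xff={} ua=\"{}\" cause={}",
                    request.getMethod(), originalUri, status, accept,
                    request.getRemoteAddr(), forwardedFor, request.getHeader("User-Agent"),
                    exception == null ? "n/a" : exception.getClass().getName());
        }
        chain.doFilter(request, response);
    }
}
```

Correlating the logged client address and User-Agent with the access log of the load balancer shows whether the requests come from a small set of scanners, which is the usual pattern for a publicly reachable service.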