
Unknown Http calls in logs


I have a Spring Boot and Spring Batch app with scheduled methods to run some jobs. It works great, but sometimes I see super strange HTTP calls in the logs, like:

WARN 1 --- [or-http-epoll-2] r.n.http.server.HttpServerOperations     : [4fc791dd, L:/10.126.39.132:8080 - R:/10.41.50.212:48879] Decoding failed: DefaultHttpRequest(decodeResult: failure(java.lang.IllegalArgumentException: Content-Length value is not a number: -1), version: HTTP/1.1)
POST /.jsp HTTP/1.1
Host: 10.126.39.132:8080
Content-Length: -1 : 
WARN 1 --- [or-http-epoll-2] r.n.http.server.HttpServerOperations     : [27848f5f, L:/10.126.39.132:8080 - R:/10.41.50.212:59493] Decoding failed: DefaultHttpRequest(decodeResult: success, version: HTTP/1.1)
GET %org/jboss/version.properties HTTP/1.1
Host: 10.126.39.132:8080 : 
WARN 1 --- [or-http-epoll-1] r.n.http.server.HttpServerOperations     : [ebe6653c, L:/10.126.39.132:8080 - R:/10.41.50.212:56851] Decoding failed: DefaultHttpRequest(decodeResult: success, version: HTTP/1.1)
GET %login-config.xml HTTP/1.1
Host: 10.126.39.132:8080 : 

These strange HTTP calls failed with exceptions like this:

java.net.URISyntaxException: Malformed escape pair at index 7: http://%org/jboss/version.properties
    at java.base/java.net.URI$Parser.fail(URI.java:2974) ~[na:na]
    at java.base/java.net.URI$Parser.scanEscape(URI.java:3102) ~[na:na]
    at java.base/java.net.URI$Parser.scan(URI.java:3125) ~[na:na]
    at java.base/java.net.URI$Parser.parseAuthority(URI.java:3264) ~[na:na]
    at java.base/java.net.URI$Parser.parseHierarchical(URI.java:3219) ~[na:na]
    at java.base/java.net.URI$Parser.parse(URI.java:3175) ~[na:na]
    at java.base/java.net.URI.<init>(URI.java:623) ~[na:na]
    at java.base/java.net.URI.create(URI.java:904) ~[na:na]
    at reactor.netty.http.HttpOperations.resolvePath(HttpOperations.java:389) ~[reactor-netty-http-1.0.23.jar:1.0.23]
    at reactor.netty.http.server.HttpServerOperations.<init>(HttpServerOperations.java:173) ~[reactor-netty-http-1.0.23.jar:1.0.23]
    at reactor.netty.http.server.HttpServerOperations.<init>(HttpServerOperations.java:148) ~[reactor-netty-http-1.0.23.jar:1.0.23]
    at reactor.netty.http.server.HttpTrafficHandler.channelRead(HttpTrafficHandler.java:205) ~[reactor-netty-http-1.0.23.jar:1.0.23]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[netty-transport-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[netty-transport-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) ~[netty-transport-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:436) ~[netty-transport-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:336) ~[netty-codec-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:308) ~[netty-codec-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:251) ~[netty-transport-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[netty-transport-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[netty-transport-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) ~[netty-transport-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[netty-transport-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[netty-transport-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[netty-transport-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[netty-transport-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800) ~[netty-transport-classes-epoll-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:499) ~[netty-transport-classes-epoll-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:397) ~[netty-transport-classes-epoll-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) ~[netty-common-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[netty-common-4.1.82.Final.jar:4.1.82.Final]
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[netty-common-4.1.82.Final.jar:4.1.82.Final]
    at java.base/java.lang.Thread.run(Thread.java:833) ~[na:na]

I use Spring Boot v2.7.4, spring-boot-starter-webflux, and Spring Batch v4.3.7.

Please give me some ideas on how to find the reason for these HTTP calls. Where do they come from?


Solution

  • Seems that your application is exposed to random scripts/bots that try to get access to potential vulnerabilities or internal information. It could be a vulnerability scan inside your network or an administrative tool; there is no way for us to know. Because an external actor doesn't know what technology your application is using, they try for many different technologies.

    This is not directly related to programming. Publishing any kind of application in a public or private network exposes applications to unwanted traffic. More so on the public Internet. That should be expected and mitigated. Securing your applications is up to you. But there are no guarantees.
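
An added example (not part of the original question or answer): it parses the Reactor Netty "Decoding failed" warnings quoted in the question, groups the rejected requests by remote peer, and reports whether that peer sits on a private address range. The function name `summarize` and the `PROBE_HINTS` table are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Log excerpt copied from the question above.
SAMPLE_LOG = """\
WARN 1 --- [or-http-epoll-2] r.n.http.server.HttpServerOperations     : [4fc791dd, L:/10.126.39.132:8080 - R:/10.41.50.212:48879] Decoding failed: DefaultHttpRequest(decodeResult: failure(java.lang.IllegalArgumentException: Content-Length value is not a number: -1), version: HTTP/1.1)
POST /.jsp HTTP/1.1
Host: 10.126.39.132:8080
Content-Length: -1 : 
WARN 1 --- [or-http-epoll-2] r.n.http.server.HttpServerOperations     : [27848f5f, L:/10.126.39.132:8080 - R:/10.41.50.212:59493] Decoding failed: DefaultHttpRequest(decodeResult: success, version: HTTP/1.1)
GET %org/jboss/version.properties HTTP/1.1
Host: 10.126.39.132:8080 : 
WARN 1 --- [or-http-epoll-1] r.n.http.server.HttpServerOperations     : [ebe6653c, L:/10.126.39.132:8080 - R:/10.41.50.212:56851] Decoding failed: DefaultHttpRequest(decodeResult: success, version: HTTP/1.1)
GET %login-config.xml HTTP/1.1
Host: 10.126.39.132:8080 : 
"""

# "[channel-id, L:/local:port - R:/remote:port] Decoding failed" as logged above.
CHANNEL = re.compile(r"\[[0-9a-f]+, L:/[\d.]+:\d+ - R:/(?P<remote>[\d.]+):\d+\] Decoding failed")
REQUEST = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")

# Illustrative hints (an assumption, not an exhaustive list): path fragments
# that suggest which technology a probe was written for.
PROBE_HINTS = {".jsp": "JSP / servlet container", "jboss": "JBoss",
               "login-config.xml": "JBoss"}

def summarize(log_text):
    """Group rejected requests by the remote peer that sent them."""
    peers = defaultdict(lambda: {"requests": [], "guessed_targets": set()})
    remote = None
    for line in log_text.splitlines():
        channel = CHANNEL.search(line)
        if channel:                      # warning line: remember the peer
            remote = channel.group("remote")
            continue
        request = REQUEST.match(line.strip())
        if request and remote:           # first request line after the warning
            entry = peers[remote]
            entry["internal"] = ipaddress.ip_address(remote).is_private
            entry["requests"].append((request.group("method"), request.group("target")))
            for needle, tech in PROBE_HINTS.items():
                if needle in request.group("target").lower():
                    entry["guessed_targets"].add(tech)
            remote = None
    return dict(peers)

if __name__ == "__main__":
    for peer, info in summarize(SAMPLE_LOG).items():
        print(peer, "internal" if info["internal"] else "external",
              info["requests"], sorted(info["guessed_targets"]))
```

A private remote address means the peer is either inside the network or is a proxy or load balancer in front of the application; in the second case the real client address has to come from that device's logs.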