搜索引擎扫描后端服务接口导致的日志错误

Posted on | | Visitors:

错误日志

1
2
3
4
5
6
7
level:ERROR
location:io.undertow.server.Connectors.executeRootHandler(Connectors.java:425)
log:16:33:31.171 ERROR io.undertow.server.Connectors 425 executeRootHandler - UT005071: Undertow request failed HttpServerExchange{ CONNECT www.so.com:443} java.lang.IllegalArgumentException: UT000068: Servlet path match failed
	at io.undertow.servlet.handlers.ServletPathMatchesData.getServletHandlerByPath(ServletPathMatchesData.java:83) ~[undertow-servlet-2.2.14.Final.jar!/:2.2.14.Final]
	at io.undertow.servlet.handlers.ServletPathMatches.getServletHandlerByPath(ServletPathMatches.java:133) ~[undertow-servlet-2.2.14.Final.jar!/:2.2.14.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.handleRequest(ServletInitialHandler.java:147) ~[undertow-servlet-2.2.14.Final.jar!/:2.2.14.Final]
	at io.undertow.server.handlers.HttpContinueReadHandler.handleRequest(HttpContinueReadHandler.java:69) ~[undertow-core-2.2.14.Final.jar!/:2.2.14.Final]

判断是搜索引擎扫描后端服务导致的错误

  • 方案1:后端服务请求过滤器加上请求过滤防止异常。核心代码参考:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 private static Set<String> SpiderUrlSet = new HashSet<String>();

@Override
public void init(FilterConfig arg0) throws ServletException {
	// TODO Auto-generated method stub
	SpiderUrlSet.add("www.baidu.com");
	SpiderUrlSet.add("www.voanews.com");
	SpiderUrlSet.add("www.so.com");
}

@Override
public void doFilter(ServletRequest srequest, ServletResponse sresponse, FilterChain filterChain)
		throws IOException, ServletException {
	// TODO Auto-generated method stub
	HttpServletRequest request = (HttpServletRequest) srequest;
	String uri = request.getRequestURI();
	String spiderUrl = request.getRemoteHost();
	if (SpiderUrlCheck(spiderUrl)) {
           log.error("搜索爬虫访问接口过滤,爬虫链接:{}", spiderUrl);
           print(sresponse, "401", "spiderUrl Blocker");
           return;
	}else{
           filterChain.doFilter(srequest, sresponse);
           return;
	}
}
  • 方案2:LOG4j日志配置文件直接过滤这个类的异常。
1
<Logger name="io.undertow.server.Connectors" level="OFF"></Logger>

错误日志2

1
2
3
4
5
6
7
8
level:ERROR
location:io.undertow.servlet.api.LoggingExceptionHandler.handleThrowable(LoggingExceptionHandler.java:80)
log:07:29:24.701 ERROR io.undertow.servlet.api.LoggingExceptionHandler 80 handleThrowable - UT005023: Exception handling request to /nice%20ports%2C/Tri%6Eity.txt%2ebak org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String "%2e"
	at org.springframework.security.web.firewall.StrictHttpFirewall.rejectedBlocklistedUrls(StrictHttpFirewall.java:456) ~[spring-security-web-5.6.1.jar!/:5.6.1]
	at org.springframework.security.web.firewall.StrictHttpFirewall.getFirewalledRequest(StrictHttpFirewall.java:429) ~[spring-security-web-5.6.1.jar!/:5.6.1]
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:196) ~[spring-security-web-5.6.1.jar!/:5.6.1]
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) ~[spring-security-web-5.6.1.jar!/:5.6.1]
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy....展开

异常判断

此请求为nmap请求,判断后端服务被人恶意使用nmap工具扫描端口。

解决方案1:

  • 加强后端服务器端口防火墙设置。
  • 过滤器过滤/nice%20ports%2C/Tri%6Eity.txt%2ebak请求防止报错。