Options

HTTP line too long (len is 31415)

adrewsadrews Member
in System
Hi !
Since few days i see in the system log the line:
"HTTP line too long (len is 31415)"
Its is class of an attack?
I can't to determine what IP try to use Long HTTP.
How i can troubleshoot this issue?
Thanks !!
Tagged:

Comments

  • Options
    Ramses RodenburgRamses Rodenburg Member

    We are seeing the same message, and are equally clueless how to find which virtual-service is/are receiving these requests...

    Any updates?

  • Options
    mdunnmdunn Member ✭✭

    Hello - One way to diagnose this is with an aflex script:

    Apply the following aFlex script to all suspected HTTP/HTTPS vPorts:

     

    when CLIENT_ACCEPTED {
    table set logme [IP::client_addr] [IP::local_addr]
}
when HTTP_RESPONSE {
    table delete logme [IP::client_addr]
}

when CLIENT_CLOSED {
    if { [table lookup "logme" [IP::client_addr]] != "" } {
        log "request failed for client [IP::client_addr] on VIP [IP::local_addr]"
        table delete logme [IP::client_addr]
    }
}


    You should then see an additional log line for each of the above warnings:


    Jun 20 2017 13:20:01 Warning  [ACOS]:HTTP header (len=122) "kjdfhlksdjhfkldsjh(P*&(*&(ISAUDF)AUDF)AUDS)AUD+)AUD_)A*UD+)AU*D)ASIUD+)ADU)ASDIU+)ASUD)+UD)U_)*@$&_)" is too long
Jun 20 2017 13:18:45 Info    [AFLEX]:logFails:request failed for client 10.2.24.1 on VIP 10.2.24.100
Sign In or Register to comment.