Invalid method in request \x16\x03\x01

#1 Fri, 12/14/2012 - 05:46
AllanIT

Hi guys

I am getting the following line in my log files regularly. Up until now this was not a problem because fail2ban was banning the persistent IP addresses. However, now one of my new users has been banned, and it turns out that all they were trying to do was access their email with Internet Explorer by going to https://www.theirsite.com:20000/ . An interesting note is that there is no problem accessing the email when using Firefox :) but they want to use Internet Explorer :(.

[Fri Dec 14 07:44:28 2012] [error] [client xxx.xxx.xxx.xxx] Invalid method in request \x16\x03\x01

Can anyone shed some light on what I need to do to stop the error?

Thanks in advance for any help AllanIT

Fri, 12/14/2012 - 09:21
andreychek

Howdy,

So just to clarify, this IE user -- they're able to access Usermin just fine, but upon doing so, that error shows up in the logs?

And which log is that -- is that the Webmin error log, or the Apache error log?

-Eric

Fri, 12/14/2012 - 09:43
AllanIT

Hi Eric

Well, not exactly. This happened the first time they tried to access Usermin, before they had accepted the certificate, and then they were unable to accept the certificate. Sorry my explanation is not more detailed, but I am a bit sketchy on what happened myself.

The log /var/log/apache2/error.log

AllanIT

Fri, 12/14/2012 - 09:56
AllanIT

Hi Eric

Here is a larger snippet from the log. As you can see, there were 3 separate IP addresses with the same error around the same time, but only one, the [client XXX.XXX.XXX.XXX], is my valid user.

[Fri Dec 14 06:28:51 2012] [notice] Graceful restart requested, doing restart
[Fri Dec 14 06:28:51 2012] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
[Fri Dec 14 06:28:52 2012] [notice] Digest: generating secret for digest authentication ...
[Fri Dec 14 06:28:52 2012] [notice] Digest: done
[Fri Dec 14 06:28:52 2012] [notice] Apache/2.2.22 (Ubuntu) DAV/2 SVN/1.6.17 mod_fcgid/2.3.6 PHP/5.3.10-1ubuntu3.4 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2011-06-30) mod_ssl/2.2.22 OpenSSL/1.0.1 configured -- resuming normal operations
[Fri Dec 14 07:12:32 2012] [error] [client XXX.XXX.XXX.XXX] Invalid method in request \x16\x03\x01
[Fri Dec 14 07:12:52 2012] [error] [client XXX.XXX.XXX.XXX] Invalid method in request \x16\x03\x01
[Fri Dec 14 07:44:25 2012] [error] [client XXX.XXX.XXX.XXX] Invalid method in request \x16\x03\x01
[Fri Dec 14 07:44:28 2012] [error] [client XXX.XXX.XXX.XXX] Invalid method in request \x16\x03\x01
[Fri Dec 14 07:49:29 2012] [error] [client AAA.AAA.AAA.AAA] Invalid method in request \x16\x03\x01
[Fri Dec 14 07:49:29 2012] [error] [client AAA.AAA.AAA.AAA] Invalid method in request \x16\x03\x01
[Fri Dec 14 07:53:25 2012] [error] [client BBB.BBB.BBB.BBB] Invalid method in request \x80g\x01\x03\x01
[Fri Dec 14 08:19:34 2012] [error] [client AAA.AAA.AAA.AAA] Invalid method in request \x16\x03\x01
[Fri Dec 14 08:19:34 2012] [error] [client AAA.AAA.AAA.AAA] Invalid method in request \x16\x03\x01
[Fri Dec 14 08:50:16 2012] [error] [client AAA.AAA.AAA.AAA] Invalid method in request \x16\x03\x01
[Fri Dec 14 08:50:16 2012] [error] [client AAA.AAA.AAA.AAA] Invalid method in request \x16\x03\x01
[Fri Dec 14 09:07:01 2012] [error] [client XXX.XXX.XXX.XXX] Invalid method in request \x16\x03\x01
[Fri Dec 14 09:07:07 2012] [error] [client XXX.XXX.XXX.XXX] Invalid method in request \x16\x03\x01
[Fri Dec 14 09:26:40 2012] [error] [client AAA.AAA.AAA.AAA] Invalid method in request \x16\x03\x01
[Fri Dec 14 09:26:41 2012] [error] [client AAA.AAA.AAA.AAA] Invalid method in request \x16\x03\x01
[Fri Dec 14 10:07:40 2012] [error] [client XXX.XXX.XXX.XXX] Invalid method in request \x16\x03\x01
[Fri Dec 14 10:07:43 2012] [error] [client XXX.XXX.XXX.XXX] Invalid method in request \x16\x03\x01
[Fri Dec 14 12:43:39 2012] [notice] Graceful restart requested, doing restart
[Fri Dec 14 12:43:39 2012] [notice] Digest: generating secret for digest authentication ...
[Fri Dec 14 12:43:39 2012] [notice] Digest: done
[Fri Dec 14 12:43:40 2012] [notice] Apache/2.2.22 (Ubuntu) DAV/2 SVN/1.6.17 mod_fcgid/2.3.6 PHP/5.3.10-1ubuntu3.4 with Suhosin-Patch mod_ruby/1.2.6 Ruby/1.8.7(2011-06-30) mod_ssl/2.2.22 OpenSSL/1.0.1 configured -- resuming normal operations

thanks for your help AllanIT

Sun, 12/16/2012 - 11:50
AllanIT

Bump

Sun, 12/16/2012 - 16:33
andreychek

I really don't know what the issue there is... you're accessing Usermin on port 20000 -- so there's no reason for any request to be hitting Apache on port 80/443.

The best suggestion I could make is to not block users based on that particular log message :-)

-Eric
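
Added example, not part of the thread: `\x16\x03\x01` is the first three bytes of a TLS handshake record (content type 0x16, version 3.1), and `\x80g\x01\x03\x01` matches an SSLv2-compatible ClientHello, so these entries come from HTTPS clients reaching a listener that parses the bytes as plain HTTP. The sketch below separates such entries from other invalid requests before any banning decision; the sample lines and addresses are constructed, and the `\xHH` escaping is assumed to be as shown in the log above.

```python
import re
from collections import Counter

LINE_RE = re.compile(
    r"\[client (?P<client>[^\]]+)\] Invalid method in request (?P<raw>.*)$"
)
ESC_RE = re.compile(r"\\x([0-9a-fA-F]{2})")

# Constructed sample lines (documentation-range addresses, not from the thread).
SAMPLE = [
    r"[Fri Dec 14 07:12:32 2012] [error] [client 192.0.2.10] Invalid method in request \x16\x03\x01",
    r"[Fri Dec 14 07:12:52 2012] [error] [client 192.0.2.10] Invalid method in request \x16\x03\x01",
    r"[Fri Dec 14 07:53:25 2012] [error] [client 198.51.100.7] Invalid method in request \x80g\x01\x03\x01",
    r"[Fri Dec 14 07:55:00 2012] [error] [client 203.0.113.5] Invalid method in request HELO example.test",
    r"[Fri Dec 14 12:43:39 2012] [notice] Digest: done",
]

def unescape(raw):
    # Turn the log's backslash-x-hex escapes back into the bytes the client sent.
    out, pos = bytearray(), 0
    for m in ESC_RE.finditer(raw):
        out += raw[pos:m.start()].encode("latin-1")
        out.append(int(m.group(1), 16))
        pos = m.end()
    out += raw[pos:].encode("latin-1")
    return bytes(out)

def classify(data):
    # TLS record header: content type 0x16 (handshake), major version 3.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"
    # SSLv2-style header: high bit set in the length, message type 1
    # (ClientHello), then the offered version 3.x.
    if len(data) >= 4 and data[0] & 0x80 and data[2] == 0x01 and data[3] == 0x03:
        return "sslv2-client-hello"
    return "other"

def summarize(lines):
    # Count (client, kind) pairs; lines without the error message are skipped.
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            counts[(m.group("client"), classify(unescape(m.group("raw"))))] += 1
    return counts

if __name__ == "__main__":
    for (client, kind), n in sorted(summarize(SAMPLE).items()):
        print(f"{client:15} {kind:20} {n}")
```

Entries classified as `tls-handshake` or `sslv2-client-hello` point at a link or port mismatch on the server side, so they are candidates for exclusion from a ban rule rather than evidence against the client.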

Wed, 12/26/2012 - 13:12
AllanIT

Hi Eric

I think I have figured out what is causing the log records above to be written. I provide a link on my site for users to click which loads Usermin in a new window. If the user uses that link and they are running Internet Explorer, then the log records above are written. However, if the same user types https://www.theirsite.com:20000/ into the address bar, then the log records are not written. Strange, huh?

Sat, 12/29/2012 - 13:09
Topic locked