[Tomcat] java.io.CharConversionException: Invalid char in port: 118 Exception

configuration : Tomcat 5.5. Apache 2.0


얼마전 톰캣 로그에서 다음과 같은 Exception이 발생했고, L7 체크(jsp 체크)에서 걸려서 L4에서 약 1분동안 빠지는 일이 발생했다.
Recently, a awkward exception of tomcat is occured below, and failed in L7 check (jsp check), the tomcat server were removed L4 equiment.

java.io.CharConversionException: Invalid char in port: 118 Exception

나는 확인해서, 찾아봤더니 이는 톰캣의 mod_jk 연동부분이었다.
I checked up, I found that exception happened in mod_jk of Tomcat.


Http의 헤더의 Host 부분에서 semicolon(;)이 포함되면, 이런 Exception이 발생했다.
If host part of Http header contains semicolon(;),  Below Exception is occured. 

재현 시나리오는 다음과 같다. 당신은 확인이 가능할 것이다.
I tried to do reviva scenario like below.  You may find on your tomcat.


GET /search.nhn HTTP/1.1
Host: dailybuild.google.com;www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; netimo; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.0
Accept-Language: en-us,en;q=0.0
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.0
Connection: close
Referer: attack test
Content-Length: 12

aaaaaaaa

 



Reference
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.23)

14.23 Host

The Host request-header field specifies the Internet host and port number of the resource being requested, as obtained from the original URI given by the user or referring resource (generally an HTTP URL,

as described in section 3.2.2). The Host field value MUST represent the naming authority of the origin server or gateway given by the original URL. This allows the origin server or gateway to differentiate between internally-ambiguous URLs, such as the root "/" URL of a server for multiple host names on a single IP address.

       Host = "Host" ":" host [ ":" port ] ; Section 3.2.2

A "host" without any trailing port information implies the default port for the service requested (e.g., "80" for an HTTP URL). For example, a request on the origin server for <http://www.w3.org/pub/WWW/> would properly include:

       GET /pub/WWW/ HTTP/1.1

       Host: www.w3.org

A client MUST include a Host header field in all HTTP/1.1 request messages . If the requested URI does not include an Internet host name for the service being requested, then the Host header field MUST be given with an empty value. An HTTP/1.1 proxy MUST ensure that any request message it forwards does contain an appropriate Host header field that identifies the service being requested by the proxy. All Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message which lacks a Host header field

원인은 잘못된 리퀘스트 (host 정보에 스펙에 맞지 않은 내용이 올 때 문제)로 인한 것이다...