1 Reply Latest reply on Apr 4, 2017 7:51 PM by darckyn

Many java.net.URISyntaxException, on Wildfly 10.1.0 Server in Production. How should I proceed?

darckyn Apr 3, 2017 5:00 PM

Hello everyone!

I'm running my Wildfly 10.1.0 Final server inside a Linux Server Ubuntu 16.04.2 LTS, I put the SSL from letsencrypt.org running with the H2 protocol and Spring Security 4.2.2.RELEASE in Production.

The server is working fine with a very good performance and is not slow but I'm getting many bug reports in the wildfly log of java.net.URISyntaxException (Error 500).

I am with New Relic installed on Wildfly and it is also reporting many 500 errors as well.

I went to do a researched and found this bug report on Undertow: Https://issues.jboss.org/browse/UNDERTOW-592

Apparently It looks like it was fixed in Undertow version 1.2.13.Finally I went to check and Wildfly 10.1.0 Final is currently using version 1.0.2.Final.

(Wildfly 11 will have this new version with a fix?)

But I do not only have attempts to web proxy scanners, I'm also trying some attempts by invaders trying something like:

Http: www (...) /admin/phpmyadmin/

Mysqlmanager

Admin

etc...

They always have the same stack trace:

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

at java.net.URI.checkPath(URI.java:1823)

at java.net.URI.<init>(URI.java:672)

at io.undertow.security.handlers.SinglePortConfidentialityHandler.getRedirectURI(SinglePortConfidentialityHandler.java:51)

at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.getRedirectURI(ServletConfidentialityConstraintHandler.java:83)

at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:49)

at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)

at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)

at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)

at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)

at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)

at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)

at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)

at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)

at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)

at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)

at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)

at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)

at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)

at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)

at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)

at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)

at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

at java.lang.Thread.run(Thread.java:745)

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Is there any action I can take (or code) to avoid these types of java.net.URISyntaxException errors, or at least I treat them?

Or (And) even put some kind of security to prevents attempts from intruders?

Thanks in advance for all the help.

1. Re: Many java.net.URISyntaxException, on Wildfly 10.1.0 Server in Production. How should I proceed?

darckyn Apr 4, 2017 7:51 PM (in response to darckyn)

I just checked the New Relic logs better and I'm getting many attempts from User Agent: Mozilla / 5.0 Jorgee.

Is there any way I can increase the security of my server to prevent its attacks? (Wildfly / Ubuntu)
Actions