possible security question - Invalid method in request

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
We have a security system on the server which will block too many 404 errors (file not found) if the accesses are made directly to the server IP (not the individual hosted accounts).

We host one customer who is being blocked repeatedly by this anti 404 security measure.

She can just sit there, WITHOUT DOING ANYTHING, and be blocked again and again without any apps running on her PC.

Here's what we are finding in the logs after each block (as related to her ISP assigned IP address):

Invalid method in request \x16\x03\x01

So, something is hitting the server's IP (not her hosted domain) over and over again from her PC with no apps running.

What could this be?
 

MattCurry

Well-Known Member
Aug 18, 2009
275
0
66
Houston, Tx
Security Issue

Hello,

I do apologize for any problems you have had. However, in this particular case I think we should go ahead and put a ticket in so we can get a better look at what is causing this issue. You can submit a ticket via the link at the bottom of the page. I hope this helps get you working. Please let me know if you have any other questions.

Thank you,
Matthew Curry
 

Infopro

Well-Known Member
May 20, 2003
17,090
519
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
We have a security system on the server which will block too many 404 errors (file not found) if the accesses are made directly to the server IP (not the individual hosted accounts).

We host one customer who is being blocked repeatedly by this anti 404 security measure.

She can just sit there, WITHOUT DOING ANYTHING, and be blocked again and again without any apps running on her PC.

Here's what we are finding in the logs after each block (as related to her ISP assigned IP address):

Invalid method in request \x16\x03\x01

So, something is hitting the server's IP (not her hosted domain) over and over again from her PC with no apps running.

What could this be?
How do you know there are no apps running on that PC, was it scanned for issues I guess. What do your logs say about it? What browser is the user using and what happens if they use a different one?

Have you tried googling this error?
 

jdlightsey

Perl Developer III
Staff member
Mar 6, 2007
126
2
243
Houston Texas
cPanel Access Level
Root Administrator
These "invalid request method" warnings are almost always caused by someone attempting to make a HTTPS connection to a site that has no SSL certificate installed.

SSL certs are mapped by IP address and port by Apache. When an IP:port has no SSL cert installed some versions of Apache assume that connections to that IP (even on port 443) are being made without SSL.

So if example.com is on IP 1.2.3.4 and no SSL cert has been installed on IP 1.2.3.4, and the owner of example.com mistakenly puts a https://example.com/ link somewhere on their website, you'll get this type of warning whenever someone clicks the link...

The client browser connects to 1.2.3.4 port 443 and tries to start up a SSL connection.

The web server gets a connection on 1.2.3.4 port 443 and expects it to be plaintext. It's looking for "GET / HTTP/1.1" or "POST /something.php HTTP/1.1" and it sees a bunch of gibberish instead (the client trying to set up SSL.)


You can replicate this easily by visiting port 80 using SSL on any IP on your systems. It'll generate the exact same types of errors... https://1.2.3.4:80/


These messages are nothing to worry about since they simply indicate that the client is trying to access a resource using SSL that isn't configured to be available via SSL. If the messages really trouble you for some reason though, just make sure every IP on the system has a SSL cert configured.