
possible security question - Invalid method in request

Discussion in 'Security' started by jols, Aug 28, 2009.

  1. jols

    jols Well-Known Member

    We have a security system on the server which will block too many 404 errors (file not found) if the accesses are made directly to the server IP (not the individual hosted accounts).

    We host one customer who is being blocked repeatedly by this anti 404 security measure.

    She can just sit there, WITHOUT DOING ANYTHING, and be blocked again and again without any apps running on her PC.

    Here's what we are finding in the logs after each block (as related to her ISP assigned IP address):

    Invalid method in request \x16\x03\x01

    So, something is hitting the server's IP (not her hosted domain) over and over again from her PC with no apps running.

    What could this be?
     
  2. MattCurry

    MattCurry Well-Known Member

    Security Issue

    Hello,

    I do apologize for any problems you have had. However, in this particular case I think we should go ahead and put a ticket in so we can get a better look at what is causing this issue. You can submit a ticket via the link at the bottom of the page. I hope this helps get you working. Please let me know if you have any other questions.

    Thank you,
    Matthew Curry
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    How do you know there are no apps running on that PC? Was it scanned for issues, I guess? What do your logs say about it? What browser is the user using, and what happens if they use a different one?

    Have you tried googling this error?
     
  4. Spiral

    Spiral BANNED

    Sounds like they may possibly be running some sort of pre-caching
     
  5. jdlightsey

    jdlightsey Perl Developer III
    Staff Member

    These "invalid request method" warnings are almost always caused by someone attempting to make an HTTPS connection to a site that has no SSL certificate installed.

    SSL certs are mapped by IP address and port by Apache. When an IP:port has no SSL cert installed, some versions of Apache assume that connections to that IP (even on port 443) are being made without SSL.

    So if example.com is on IP 1.2.3.4 and no SSL cert has been installed on IP 1.2.3.4, and the owner of example.com mistakenly puts a https://example.com/ link somewhere on their website, you'll get this type of warning whenever someone clicks the link...

    The client browser connects to 1.2.3.4 port 443 and tries to start up an SSL connection.

    The web server gets a connection on 1.2.3.4 port 443 and expects it to be plaintext. It's looking for "GET / HTTP/1.1" or "POST /something.php HTTP/1.1" and it sees a bunch of gibberish instead (the client trying to set up SSL).


    You can replicate this easily by visiting port 80 using SSL on any IP on your systems. It'll generate the exact same types of errors... https://1.2.3.4:80/


    These messages are nothing to worry about since they simply indicate that the client is trying to access a resource using SSL that isn't configured to be available via SSL. If the messages really trouble you for some reason though, just make sure every IP on the system has an SSL cert configured.
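
Added example, not part of the thread and not cPanel or Apache code: the logged bytes `\x16\x03\x01` are the start of a TLS record (content type 0x16 = handshake, version 3.1), so a log filter can separate SSL-to-plaintext hits like the ones described above from other rejected requests before a blocking rule counts them. It assumes Apache 2.2-style `[client IP]` error_log lines; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Apache 2.2 error_log style; addresses are documentation ranges.
SAMPLE_LOG = r"""
[Fri Aug 28 10:15:02 2009] [error] [client 203.0.113.7] Invalid method in request \x16\x03\x01
[Fri Aug 28 10:15:09 2009] [error] [client 203.0.113.7] Invalid method in request \x16\x03\x01
[Fri Aug 28 10:16:40 2009] [error] [client 198.51.100.23] Invalid method in request \x01\x02abc
[Fri Aug 28 10:17:01 2009] [error] [client 198.51.100.23] File does not exist: /var/www/html/missing
""".strip().splitlines()

LINE_RE = re.compile(r"\[client (?P<ip>[^\]]+)\].*?Invalid method in request (?P<raw>.*)$")
ESC_RE = re.compile(r"\\x([0-9a-fA-F]{2})")
# Minor version byte of the TLS record header (major is always 0x03).
TLS_MINOR = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}


def unescape(raw):
    """Turn Apache's \\xNN escapes back into the bytes the client sent."""
    text = ESC_RE.sub(lambda m: chr(int(m.group(1), 16)), raw)
    return text.encode("latin-1", errors="replace")


def classify(data):
    """Label the start of a rejected request line."""
    # A TLS record starts with content type 0x16 (handshake) and major version 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake/" + TLS_MINOR.get(data[2], "unknown version")
    return "other"


def summarize(lines):
    """Count classified 'Invalid method' entries per client address."""
    per_client = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            per_client[m.group("ip")][classify(unescape(m.group("raw")))] += 1
    return {ip: dict(c) for ip, c in per_client.items()}


def tls_only_clients(lines):
    """Clients whose every rejected request was a TLS handshake on a plaintext listener."""
    return sorted(ip for ip, c in summarize(lines).items()
                  if all(k.startswith("tls-handshake") for k in c))


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    print("TLS-only:", tls_only_clients(SAMPLE_LOG))
```

A client that shows up only in the TLS-only list matches the situation described in the post above: an https:// request reaching an IP:port that Apache treats as plaintext.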
     