Tomcat small version upgrade problem org apache. coyote. AbstractProcessor. Parsehost [xxx_tomcat] is an invalid host note

1. At the end of the year, customers usually scan the server Vulnerability Information in batches. Recently, customers reported that our company's Tomcat has vulnerabilities. The vulnerabilities are as follows:

It can be seen from the above figure that the vulnerability can be solved only by upgrading to version 7.0.104 or above:

adopt http://blog.nsfocus.net/ The website enters the vulnerability number to query the relevant vulnerabilities and their handling methods.

[root@32 bin]# sh version.sh 
Using CATALINA_BASE2:   /usr/local/tomcat
Using CATALINA_HOME2:   /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME:        /usr/local/jdk/
Using CLASSPATH:       /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Server version: Apache Tomcat/7.0.79
Server built:   Jun 26 2017 16:25:20 UTC
Server number:  7.0.79.0
OS Name:        Linux
Architecture:   amd64
JVM Version:    1.7.0_56-b13
JVM Vendor:     Oracle Corporation

This time we upgrade to version 7.0.106. This is a minor upgrade.

You need to go to the official website to download the tomcat version. Official website address: https://tomcat.apache.org/download-70.cgi

Send it to the linux server after next week and unzip it:

[root@32 src]# ls
tomcat7.0.106.tar.gz
[root@32 src]# tar zxvf tomcat7.0.106.tar.gz

Note: there are two ways to upgrade the tomcat version:

First, copy the two directories of the new version of tomcat , tomcat/lib , bin , to the directory of the new version, and then start it.

The second is to copy the conf directory of the old version of tomcat and the related war to the directory, because the server under the conf directory needs to be used XML file. Then start it.

[root@cbmp-33 conf]# ls
catalina.policy        tomcat-users.xml        catalina.properties  logging.properties                          
Catalina        context.xml                    server.xml        web.xml

server. The XML # system starts to load the core file, which contains the information of the website module.

tomcat-users.xml # Tomcat management site. The default is 8080. Check whether the war package starts normally.

[root@cbmp-32 conf]# tail tomcat-users.xml 
-->
  <role rolename="manager"/>
  <role rolename="tomcat"/>
  <role rolename="probeuser"/>
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <user username="tocmat" password="tomcat" roles="manager-script,manager-gui,tomcat,manager,probeuser,poweruserplus,poweruser"/>
</tomcat-users>

Copy and replace the directory to be upgraded: you need to back up the original bin and lib directories first

[root@cbmp-33 tomcat]# mv bin bin_2020_12_14                #The original bin needs to be backed up
[root@cbmp-33 tomcat]# mv lib lib_2020_12_14                #The original lib needs to be backed up
[root@cbmp-33 tomcat]# cd /usr/local/src
[root@cbmp-33 src]# mv tomcat tocmat7.0.106
[root@cbmp-33 src]# cp tomcat7.0.106     /usr/local/
[root@cbmp-33 src]# cd /usr/local/tomcat7_106/
[root@cbmp-33 tomcat7_106]# cp bin  lib  /usr/lccal/tomcat/

Start tomcat, which is started by ordinary users:

[root@32 tomcat7_106]# sudo su - tomcat -c '/usr/local/tomcat/bin/startup.sh'
############
The required configurations are as follows:
/usr/sbin/usermod -L tomcat
chown -R tomcat:tomcat /usr/local/tomcat

Error message when starting: Failed to start connector [Connector[AJP/1.3-8009]]
org.apache.catalina.LifecycleException: service.getName(): "Catalina"; The protocol processor failed to start

See if the connection to AJP protocol fails: modify conf / server XML configuration file: comment out the following contents and start again.

[root@32 conf]# vim server.xml
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /-->

Restart again:

Looking at the diary, I found that all wars have been deployed. Ha loads the war packages on two servers. I found that the war package status on HA does not get up.

Check Catalina Out's diary error information is as follows: org apache. coyote. AbstractProcessor parseHost
Information: [\] is an invalid host. Note: more request parsing errors will be recorded in the DEBUG level log.
java.lang.IllegalArgumentException

Keep reporting this error.

We need to see if war is normal. The default port 8080 is the displayed tomcat/webapps directory. You need to put the war package in this directory.

Each war has its own port. You can also directly add a port to access the war, but the war package probe can be displayed normally in the war directory. As follows:

Prove that war is started normally, and then Catalina The out diary also shows that the deployment of war package is completed.

When looking at the status display of HA, it is abnormal, and ha cannot load normally.

catalina. This error is still reported in the out diary: org apache. coyote. AbstractProcessor parseHost
Information: [\] is an invalid host. Note: more request parsing errors will be recorded in the DEBUG level log.
java.lang.IllegalArgumentException

At the beginning, I didn't expect to check the HA configuration. I've been looking for the error of tomcat. I've tried many times and reported this error all the time. Because the old versions can be used normally.

I didn't think of it until I found this document on the Internet. The link is as follows: https://blog.csdn.net/miss_du/article/details/109502587

Hurriedly checked the HA configuration: also compared with the HA configuration of other projects, and found the problem as expected:

#Original configuration:
[root@32 logs]# cd /usr/local/haproxy/
[root@32 haproxy]# vim haproxy.cfg
  listen xxx modular 
        bind *:10002
        mode http
        balance roundrobin
        option httplog
        option dontlognull
        option httpchk GET /xxx modular/healthCheck HTTP/1.1\r\nHost:\
        http-check expect status 200
    # option httpchk GET /index.html
    server BOSS_1 1.1.1.1:10002 cookie 1 check inter 2000 rise 3 fall 3
    server BOSS_2 2.2.2.2:10002 cookie 2 check inter 2000 rise 3 fall 3
New configuration
[root@32 logs]# cd /usr/local/haproxy/
[root@32 haproxy]# vim haproxy.cfg
  listen xxx modular 
        bind *:10002
        mode http
        balance roundrobin
        option httplog
        option dontlognull
        option httpchk GET /xxx modular/healthCheck 
        http-check expect status 200
    # option httpchk GET /index.html
    server BOSS_1 1.1.1.1:10002 cookie 1 check inter 2000 rise 3 fall 3
    server BOSS_2 2.2.2.2:10002 cookie 2 check inter 2000 rise 3 fall 3

tomcat was found to be sensitive to / slashes. Remove the line HTTP/1.1\r\nHost: \ and restart tomcat. It will be normal and the status will rise.

At the beginning, I didn't think about it. Baidu has been wrong org apache. coyote. AbstractProcessor parseHost
Information: [\] is an invalid host. Note: more request parsing errors will be recorded in the DEBUG level log.

The answer was not found.

If you have the same problem, you need help.

Posted by teongkia on Mon, 02 May 2022 00:15:01 +0300