cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can subscribe to a forum, label or individual post and receive email notifications when someone posts a new topic or reply. Learn more! X

Tomcat logs are flooded with Intrusion Exceptions

AK_9989455
3-Newcomer

Tomcat logs are flooded with Intrusion Exceptions

Hello,

 

Tomcat logs are getting filled with intrusion exceptions as below:

ERROR IntrusionException:55 - [SECURITY FAILURE Anonymous:null@unknown -> /ExampleApplication/IntrusionException] INTRUSION - Multiple (2x) and mixed encoding (3x) detected.

 

It's not creating issues in the application but tomcat logs are flooded with these errors.

Followed this article and turned errors into warnings but still size of log file is increasing too fast.

 

How to handle these exceptions? Can anyone help me with your inputs to handle this?

Thanks!

3 REPLIES 3
slangley
23-Emerald II
(To:AK_9989455)

Hi @AK_9989455.

 

This is outside the realm of ThingWorx support, but you should engage your network engineering team for blocking the source connection(s).  You should be able to tell from the access logs where the traffic is originating from.  Usually IT teams will want to handle this at the firewall under their current security policies.

 

Regards.

 

--Sharon

Our Thingworx Application logs are filled with "Error occurred while validating HTTP header: cookie", to handle this we followed ptc articles and updated validation properties. After that  http header cookie error went away, now it started filling tomcat with ERROR IntrusionException:55 - [SECURITY FAILURE Anonymous:null@unknown -> /ExampleApplication/IntrusionException] INTRUSION - Multiple (2x) and mixed encoding (3x) detected.

 

@slangley Followed below community post and article:

https://community.ptc.com/t5/ThingWorx-Developers/Thingworx-and-current-Chrome-flooding-the-Application-log/td-p/697236

https://www.ptc.com/en/support/article/CS324394

 

We were able to turn errors into warnings following the article but tomcat logs are filling fast. can you provide some workaround to handle this?

 

Thanks!

 

 

slangley
23-Emerald II
(To:AK_9989455)

Hi @AK_9989455.

 

Have you checked the access logs to determine where the traffic is originating?

 

Regards.

 

--Sharon

Announcements


Top Tags