1-Visitor
September 28, 2021
Question

Tomcat logs are flooded with Intrusion Exceptions


Hello,

 

Tomcat logs are getting filled with intrusion exceptions as below:

ERROR IntrusionException:55 - [SECURITY FAILURE Anonymous:null@unknown -> /ExampleApplication/IntrusionException] INTRUSION - Multiple (2x) and mixed encoding (3x) detected.

 

It's not creating issues in the application, but the Tomcat logs are flooded with these errors.

I followed this article and turned the errors into warnings, but the size of the log file is still increasing too fast.

How can these exceptions be handled? Can anyone help with inputs on how to handle this?

Thanks!

1 reply

Support
October 6, 2021

Hi @AK_9989455.

 

This is outside the realm of ThingWorx support, but you should engage your network engineering team for blocking the source connection(s).  You should be able to tell from the access logs where the traffic is originating from.  Usually IT teams will want to handle this at the firewall under their current security policies.

 

Regards.

 

--Sharon

1-Visitor
October 7, 2021

Our ThingWorx Application logs are filled with "Error occurred while validating HTTP header: cookie". To handle this, we followed PTC articles and updated the validation properties. After that, the HTTP header cookie error went away, but now it has started filling Tomcat with ERROR IntrusionException:55 - [SECURITY FAILURE Anonymous:null@unknown -> /ExampleApplication/IntrusionException] INTRUSION - Multiple (2x) and mixed encoding (3x) detected.

@slangley We followed the community post and article below:

https://community.ptc.com/t5/ThingWorx-Developers/Thingworx-and-current-Chrome-flooding-the-Application-log/td-p/697236

https://www.ptc.com/en/support/article/CS324394

We were able to turn the errors into warnings by following the article, but the Tomcat logs are filling fast. Can you provide a workaround to handle this?

 

Thanks!

 

 

Support
October 13, 2021

Hi @AK_9989455.

 

Have you checked the access logs to determine where the traffic is originating?

 

Regards.

 

--Sharon
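
An added example, not part of any post in this thread and not PTC code: one way to run the access-log check suggested in the replies above, tallying requests per source address and flagging those whose request target is URL-encoded more than once. It assumes Tomcat's default `common` access-log pattern and that the repeatedly encoded input is visible in the request line; the sample lines, addresses and `/Thingworx/...` paths are constructed, and only repeated percent-encoding is detected, not mixed encodings.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Assumed format: Tomcat AccessLogValve "common" pattern, %h %l %u %t "%r" %s %b
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} \S+$')

def decode_rounds(value, limit=5):
    """Count how many successive URL-decoding passes still change the value."""
    rounds = 0
    while rounds < limit:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return rounds

def summarize(lines):
    """Return (requests per client, repeatedly encoded requests per client)."""
    total, flagged = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        client, target = m.groups()
        total[client] += 1
        if decode_rounds(target) >= 2:  # encoded more than once
            flagged[client] += 1
    return total, flagged

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '203.0.113.7 - - [07/Oct/2021:10:15:01 +0000] "GET /Thingworx/Home?x=%253Cb%253E HTTP/1.1" 200 512',
    '203.0.113.7 - - [07/Oct/2021:10:15:02 +0000] "GET /Thingworx/Home?x=%2525 HTTP/1.1" 200 512',
    '198.51.100.20 - - [07/Oct/2021:10:15:03 +0000] "GET /Thingworx/Home?q=a%20b HTTP/1.1" 200 734',
    '198.51.100.20 - - [07/Oct/2021:10:15:04 +0000] "POST /Thingworx/Things HTTP/1.1" 200 -',
    'not an access log line',
]

if __name__ == "__main__":
    total, flagged = summarize(SAMPLE)
    for client, count in total.most_common():
        print(f"{client}: {count} requests, {flagged[client]} repeatedly encoded")
```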