Ajp invalid message received with signature
https://stackoverflow.com/questions/11836156
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianسؤال
I am using Tomcat 7.0.29 fronted with Apache 2.2.22 modproxy. Configured Ajp as the protocol in httpd.conf and AjpNioProtocol in server.xml. After the server starts, the logs are filled with the following message:
Severe: Invalid message received with signature 20599
com.apache.coyote.ajp.AjpMessage processHeader
There are no requests sent to the web or tomcat server and it still throws that error. Access logs in tomcat and apache show that no request is coming in. What is causing the invalid message error?
Here is the configuration :
httpd.conf
ProxyPass /wl ajp:// ip : port /wl ProxyPassReverse /wl ajp:// ip : port /wlserver.xml
<Connector port="port" protocol="org.apache.coyote.ajp.AjpNioProtocol" connectionTimeout="20000" acceptorThreadCount="2" maxThreads="1600" redirectPort="8443" />
المحلول
For me, the problem was simple. I was sending HTTP requests but the connector was configured with AJP protocol. My connector in server.xml was configured like this:
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
But when I changed it to this:
<Connector port="8009" protocol="HTTP/1.1" redirectPort="8443"/>
The error went away.
Hopefully that will help someone with this error.
نصائح أخرى
This may also happen when buffer sizes are not same at both ends: logs mention invalid AJP message and browser receive 400 error code.
I have fixed the situation with both packetSize on AJP connector and ProxyIOBufferSize in Apache2 configuration.
In Tomcat server.xml:
<Connector protocol="AJP/1.3" port="8009"
connectionTimeout="20000"
packetSize="65536"
proxyName="yourproxy.domain.ltd" proxyPort="80"
/>
In Apache2 mod_proxy_ajp configuration, add the statement ProxyIOBufferSize 65536.
It was found that one of the internal processes was calling that port and sending http requests causing the "Invalid message.." error. So I ended up adding an additional http Connector for those internal processes
There are no requests sent to the web or tomcat server and it still throws that error. Access logs in tomcat and apache show that no request is coming in. What is causing the invalid message error?
Just some hint for other people because I forgot the same in one of my configs by accident: The mentioned Connector in server.xml is listening globally, because only port is specified, without any address. The latter is defined to listen globally by default:
By default, this port will be used on all IP addresses associated with the server.
https://tomcat.apache.org/tomcat-7.0-doc/config/http.html
So without any additional firewall or such it might be that bad clients are simply testing for open ports using various protocols, which might or might not be HTTP and therefore resulting in error messages with different signatures. Without very good reasons, there shouldn't be any need to make AJP globally available, especially not in case of a proxy-setup like used by the thread starter.
<Connector address="localhost" port="port"
protocol="org.apache.coyote.ajp.AjpNioProtocol"
connectionTimeout="20000"
acceptorThreadCount="2"
maxThreads="1600"
redirectPort="8443" />
I got a similar message today:
Nov 18, 2016 4:25:00 PM org.apache.coyote.ajp.AjpMessage processHeader
SEVERE: Invalid message received with signature 65524
The root cause of my problem was that selinux wasn't letting apache connect to tomcat. I'm a little confused as to how this error was a result - I'd expect that there would be no connection, period. Best guess, i probably attempted to manually connect to that port with telnet. Doing that certainly gives a similar message.
Regardless, perhaps this selinux reminder will be helpful to someone else who ends up here.
