新上线的系统中IHS的error log发现很多Invalid method in request的报错。
[Thu Jan 16 00:02:59 2014] [error] [client 112.××.×××.×××] Invalid method in request \x16\x03\x01
[Thu Jan 16 00:03:03 2014] [error] [client 119.×××.×××.×××] Invalid method in request \x16\x03\x01
[Thu Jan 16 00:03:42 2014] [error] [client 203.×××.×××.×××] Invalid method in request \x16\x03\x01
[Thu Jan 16 00:03:54 2014] [error] [client 61.×××.×××.×××] Invalid method in request \x16\x03\x01
在access log里面发现很大量大501报错
203.×××.×××.×× - [16/Jan/2014:00:03:42 +0800] - test03:80(6999) \x16\x03\x01-HTTP/0.9 0 Sec. 501 277 "/index.html" ""
61.×××.×××.××× - [16/Jan/2014:00:03:54 +0800] - test03:80(6999) \x16\x03\x01-HTTP/0.9 0 Sec. 501 277 "/index.html" ""
60.×××.×××.××× - [16/Jan/2014:00:04:15 +0800] - test03:80(6999) \x16\x03\x01-HTTP/0.9 0 Sec. 501 277 "/index.html" ""
119.×××.××.××× - [16/Jan/2014:00:04:31 +0800] - test03:80(6999) \x16\x03\x01-HTTP/0.9 0 Sec. 501 277 "/index.html" ""
63.×××.×××.××× - [16/Jan/2014:00:04:38 +0800] - test03:80(6998) \x16\x03\x01-HTTP/0.9 0 Sec. 501 277 "/index.html" ""
经过wireshark抓包发现,配置F5的工程师把提供http服务端80端口和提供https的443端口统一放到https的pool里面。这个配置使F5把https的请求发送到IHS服务器上的http的端口,导致报错的发生。这个报错可以通过浏览器用https协议访问http的端口重现。(https://192.168.0.100:80/)
[Fri Jan 16 19:31:59 2014] [error] [client 192.168.0.230] Invalid method in request \x16\x03\x01
[Fri Jan 16 19:31:59 2014] [error] [client 192.168.0.230] Invalid method in request \x16\x03\x01
[Fri Jan 16 19:31:59 2014] [error] [client 192.168.0.230] Invalid method in request \x16\x03\x01
[Fri Jan 16 19:31:59 2014] [error] [client 192.168.0.230] Invalid method in request \x16\x03\x01
[Fri Jan 16 19:31:59 2014] [error] [client 192.168.0.230] Invalid method in request \x16\x03\x01
[Fri Jan 16 19:31:59 2014] [error] [client 192.168.0.230] Invalid method in request \x16\x03
浏览器会显示:
无法与服务器建立安全连接。可能是服务器出现了问题,也可能是您没有服务器要求的客户端身份验证证书。
错误代码:ERR_SSL_PROTOCOL_ERROR
🙂 .