"Bad HTTP parsed" warning message

(version 7.9.3)
Based on what I read, this is caused by the gateway trying to parse HTTPS as HTTP.
As far as I can tell, we are not using HTTPS on the gateway at all. I checked the config settings and "Use SSL" is unchecked.
How can I find what is making these requests and get it to use HTTP? They are showing up the logs every few seconds and it makes it hard to debug other issues.

It seems like everything in the project is working as it should, the project has been like this since I took it over.

I saw a post that cleared a cache to fix it, but they were getting an EOFException and I am not. I can try clearing the cache but I'm not sure how.

In this next post, they changed the port to 8088 (which we are already using) and said to disable "Use SSL" and "Require SSL". I cannot seem to find "Require SSL" on the gateway settings or on this page of the 7.9 doc. We are also only using 1 gateway.

A few errors from the logs:
Illegal character 0x16 in state=START for buffer HeapByteBuffer@1eac3215[p=1,l=198,c=8192,r=197]={\x16<<<\x03\x03\x00\xC1\x01\x00\x00\xBd\x03\x03aS<\xEd\xB9\x01:...\x03\x04\x01\x04\x02\x02\x03\x02\x01\x02\x02\x00\x17\x00\x00>>>ntent-Length: 639...0EeJl8aj+Tu+QoE}

Illegal character 0x16 in state=START for buffer HeapByteBuffer@6d4bb024[p=1,l=198,c=8192,r=197]={\x16<<<\x03\x03\x00\xC1\x01\x00\x00\xBd\x03\x03aSXi\x06\x88\x8d...\x03\x04\x01\x04\x02\x02\x03\x02\x01\x02\x02\x00\x17\x00\x00>>>rg name="dsn">

bad HTTP parsed: 400 Illegal character 0x16 for HttpChannelOverHttp@1f916da2{r=0,c=false,a=IDLE,uri=null}


I see no one ever responded to this post. I am now having the same issue and was wondering if you found a solution?

I might have used Wireshark to try to locate what was sending HTTPS data to my Ignition server.. It was a while ago so I don't remember.

1 Like

From my experience, this usually comes from random network scanning appliances installed by IT departments. They blindly look for open ports, spam a long list of vulnerability payloads, and report back to their overlords if they find anything vulnerable.

None of them have ever found anything useful in Ignition, to my knowledge, but the side effect of them running is usually one or more of the garbage payloads they deliver to the webserver triggers (legitimate) errors in the logs.

1 Like