Confluence log has java.lang.IllegalArgumentException: Invalid character (CR or LF) found in method name

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Problem

The following appears in the catalina.out or atlassian-confluence.log

1 2 3 4 5 6 7 8 9 10 11 12 13 Apr 15, 2016 10:44:21 PM org.apache.coyote.http11.AbstractHttp11Processor process INFO: Error parsing HTTP request header Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level. java.lang.IllegalArgumentException: Invalid character (CR or LF) found in method name at org.apache.coyote.http11.AbstractNioInputBuffer.parseRequestLine(AbstractNioInputBuffer.java:228) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1009) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745)

Diagnosis

Environment

  • Confluence running on tomcat

  • If access logging is enabled, they show entries like this

    1 169.229.3.91 - - [15/Apr/2016:22:44:21 +1000] "-" 400 - "-" "-" null

Cause

A research scanning machine from the University of California at Berkeley regularly conducts scans of the entire Internet, so you may have been scanned as part of an ongoing research project.

The machines the scanning is coming from are

  1. http://researchscan0.eecs.berkeley.edu/

  2. http://researchscan1.eecs.berkeley.edu/

  3. http://researchscan2.eecs.berkeley.edu/

  4. http://researchscan3.eecs.berkeley.edu/

  5. http://researchscan4.eecs.berkeley.edu/

Solution

Resolution

If you have been or are currently being scanned and would like to opt out, please email cesr-scanning@lists.eecs.berkeley.edu with the IP ranges you would like to exclude in CIDR format. For most Confluence machines this is the single IP address that the machine is running on.

Updated on April 7, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community