How to troubleshoot a "request line read error"?

I’m periodically getting this error in logs, always with the same binary:

Erlang error: "request line read error: <<3, 0, 0, 47, 42, 224, 0, 0, 0, 0, 0, 67, 111, 111, 107, 105, 101, 58, 32, 109, 115, 116, 115, 104, 97, 115, 104, 61, 65, 100, 109, 105, 110, 105, 115, 116, 114, 13, 10>>"

The stacktrace is only the erlang error, with no hints as to where it occurred. I haven’t noticed this happen directly as a result of anything I’m doing. How can I figure out where this is coming from?

Someone is probing your server for an MS RDP vulnerability, and your HTTP server is complaining that the incoming data is not a valid HTTP request. Not much you can do about it.

If the logs are really bothering you, you could put a reverse proxy or load balancer (with or without WAF) in front of your application, to stop such things from reaching your application in the first place.

3 Likes

Better put nginx or Caddy in front of your server.

1 Like

Oh wow, thanks! So the logs aren’t any more specific because it’s not happening at such a low level that it doesn’t hit anything else (eg Phoenix Router)?

Agreed. I’ve had periodic failed login attempts as well that try a different param structure, so they’re obviously not coming from my app. Definitely some script kiddies sniffing around.

In my case, I have a Nginx load balancer, but my 2 app hosts are also exposing public IP addresses, which is why I was also getting this error.

I’m hosted on Hetzner, and they provide a very easy to setup firewall via their web UI. So, with one simple rule I left only port 22 accessible from outside.

1 Like