How to troubleshoot a "request line read error"?

I’m periodically getting this error in logs, always with the same binary:

Erlang error: "request line read error: <<3, 0, 0, 47, 42, 224, 0, 0, 0, 0, 0, 67, 111, 111, 107, 105, 101, 58, 32, 109, 115, 116, 115, 104, 97, 115, 104, 61, 65, 100, 109, 105, 110, 105, 115, 116, 114, 13, 10>>"

The stacktrace is only the erlang error, with no hints as to where it occurred. I haven’t noticed this happen directly as a result of anything I’m doing. How can I figure out where this is coming from?

Someone is probing your server for an MS RDP vulnerability, and your HTTP server is complaining that the incoming data is not a valid HTTP request. Not much you can do about it.

If the logs are really bothering you, you could put a reverse proxy or load balancer (with or without WAF) in front of your application, to stop such things from reaching your application in the first place.


Better put nginx or Caddy in front of your server.

1 Like

Oh wow, thanks! So the logs aren’t any more specific because it’s not happening at such a low level that it doesn’t hit anything else (eg Phoenix Router)?

Agreed. I’ve had periodic failed login attempts as well that try a different param structure, so they’re obviously not coming from my app. Definitely some script kiddies sniffing around.

In my case, I have a Nginx load balancer, but my 2 app hosts are also exposing public IP addresses, which is why I was also getting this error.

I’m hosted on Hetzner, and they provide a very easy to setup firewall via their web UI. So, with one simple rule I left only port 22 accessible from outside.

1 Like