{} is too large {}>{} - Header - 8193 - 8192

11
This morning 7-12-2021 at 4:11 am we get for all our Mendix apps the following warning.   {} is too large {}>{} - Header - 8193 - 8192 { level WARNING node Jetty timestamp 1638846985049 }   Has anyone an idea why this is happening and what to do ?
asked
5 answers
2

This is the answer from Mendix.

Thanks for letting us know. We have discussed this internally and identified that the Jetty warning is triggered by a vulnerability scan that's sending large HTTP requests. As you can see in your environment logs, the warning is preceded by 404 errors which indicate a scan for security vulnerabilities. The requests themselves should not pose an issue for the Mendix runtime because they are blocked by Jetty (as we see in the warning) and will not reach the runtime itself.

Unfortunately, there is currently no way to block these requests. I know this might not be the answer you expected but we're investigating options for implementing a Web Application Firewall in front of the Mendix Cloud, which will block such attempts in the future. It's on the backlog for our R&D department, however, we don't have any concrete ETA for this yet. 

With that said, as confirmed by our internal teams, for now, you can safely ignore these warnings, they will end up with a 404 error on the runtime side (Jetty).

answered
1

This morning (8-12-2021) the warning stopped. After 6:13 I did not see the warning again.

I don't know what caused it or what made it go away.

I did not receive an answer from Mendix yet.

answered
0

We’ve encountered the error as well today. I think it might be someting at the Mendix Platform then. I will add a service call, it might prioritize the investigation of the issue if more people do so.

answered
0

I have filed a ticket for support.

answered
0

We’ve got the same errors in the logging.

Please share if you get an update from Mendix.

answered