Been getting a lot of Bad Request errors in my log since upgrading. For example, from the login page. But it's not all the time. I can login/logout repeatedly and not see this error. But each day I look at my log I'll see 20 or 30 of them. Also, it's not always the login page. Sometimes it's one of my blog pages that will be listed as the PageURL .
Any ideas? (example below)
Log level Error Short message Error 400. Bad request Full message IP address 134.119.216.167 Customer Guest Page URL http://www.roadlessgear.com/login Referrer URL http://www.roadlessgear.com Created on 2/21/2020 8:55:07 AM
Looking at each one, the error seems to always be one of three pages. The login page (per my original message) or one of two different blog pages.
What is odd is that these are really old blog posts from back in 2012. So it's not like customers are hitting those pages on a regular basis. I'd be shocked to learn that ANYBODY is actually visiting those pages today. Much less, several times a day.
And I can visit those pages and it does not generate an error log entry when I do. Just like I can login without generating any errors.
The problem also started on our website after upgrading to 4.20 and continues on 4.30. This is has occurred for Web Admins so I don't believe its always a random bot. Each of the errors always contains the %2F value in the login URL e.g. /login?returnUrl=%2F or /login?returnUrl=%2Fdsg-arms So my question or concern is it supposed to have the / %2F value prefix on the returnUrl? I plan to open a support case with NopCommerce team as I'm getting hundreds of these and I'm sure they are impacting my customers in some capacity.
It could be guests/bots trying to access your Admin and getting redirected to the login page because they're unauthorized, though I'm not sure if that would trigger a 400 before the redirect, but there is a setting to restrict the Admin to an IP (if the local IP for the business is static).