此错误是由格式错误的HTTP请求引起的。
在大多数情况下，此消息具有误导性，因为当您尝试通过https访问不安全的页面时，通常会发生此错误。
Tomcat不知道传入的请求是加密的，并且正在尝试将此请求解释为普通的，不安全的http请求。

This error is caused by malformed HTTP request. In most cases this message is misleading because this error usually happens when you are trying to access unsecured page through https. Tomcat doesn't know that incoming request is encrypted and is trying to interpret this request as plain, unsecured http request.

这就是它在日志中的样子：

标准，正确的HTTP请求（ http：// localhost：8080 ）

Standard, proper HTTP request (http://localhost:8080)

Received [GET /index.html HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.76 Mobile Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, sdch
Accept-Language: pl,en-US;q=0.8,en;q=0.6
Cookie: Idea-xxxxx; JSESSIONID=3dxxxxx

] 

HTTPS请求（ https：// localhost：8080 ）

HTTPS request (https://localhost:8080)

Received [¹µHÄ;ß!P@<¿
                                                                                                                                #|vFBb-Ëiø/5
jÿ

                   hhttp/1.1uP
                               
] 

正如你所看到的在第二个请求中，有未知的字符而不是正确的HTTP方法名称（例如GET）

As you can see in second request, there are unknown chars instead of proper HTTP method name (e.g. GET)

因此，如果您的服务器没有SSL配置并且错误发生一天一次或两个，然后可能有人试图通过https（可能是某种机器人）到达你的网站

So if your server has no SSL configuration and error occurs "once in a day or two", then probably someone is trying to reach your website through https (probably some kind of bot)

最终有人试图发送不安全但格式错误的普通HTTP请求（通过他自己的应用程序 - 机器人或其他自定义客户端。

Eventually someone is trying to send nonsecured but malformed plain HTTP request (through his own application - bot or other custom client).