[SQU] urlParse errors (CyDoor)

From: Samuel Atlan <atlan@dont-contact.us>
Date: Sun, 11 Mar 2001 20:15:07 +0100

Hello,

It seems to me that several proxy administrators have had problems with the
urlParse error and the "strange" access.log lines like:

984326992.663 2 xxx.xxx.xxx.xxx NONE/400 1315 GET
http://cache.ese-metz.fr:3128cache.ese-metz.fr:3128 - NONE/- -

Those lines repeat every 15 seconds or so. I think I've found one source
that is causing this and that fills up my logs: the Cydoor ads banner software
add-on.

I recently posted that Babylon software (from www.babylon.com) was creating
those lines in my access.log, so I looked into this issue a little bit
further.

Using a "clean computer" running only Babylon translator, I did a tcpdump on
the packets and I found that:

My computer tries to contact 212.29.215.2 on port 80 directly
(a connection that is blocked by my firewall) about three times, then it makes
a connection to the cache and makes three bad queries:
984329080.652 2 xxx.xxx.xxx.xxx NONE/400 1315 GET
http://cache.ese-metz.fr:3128cache.ese-metz.fr:3128 - NONE/- -
984329080.665 2 xxx.xxx.xxx.xxx NONE/400 1315 GET
http://cache.ese-metz.fr:3128cache.ese-metz.fr:3128 - NONE/- -
984329080.678 1 xxx.xxx.xxx.xxx NONE/400 1397 GET
/scripts/cms/CmsInit.ASP?ID=1&D2=I`?BCsCH????????&AW=167&LV=2045&CU=11056548
 - NONE/- -

This results in two additional lines in /var/log/messages like these:
Mar 11 17:45:10 cache squid[675]: urlParse: Illegal character in hostname
'cache.ese-metz.fr:3128cache.ese-metz.fr'
Mar 11 17:45:10 cache squid[675]: urlParse: Illegal character in hostname
'cache.ese-metz.fr:3128cache.ese-metz.fr'

Then my computer redoes those direct connections....

Here is the interesting part... a query on the IP 212.29.215.2
(http://www.ripe.net/cgi-bin/whois?query=212.29.215.2) gave me the address
of an ISP in Israel.
Then I looked at the technical forums on the Babylon website to see if anybody had
reported problems with proxies. I came across a post
(http://forums.babylon.com/tech/Forum9/HTML/001045.html) which stated that it
was not possible anymore to circumvent the Cydoor ads banner... I then went
to www.cydoor.com and found out that they had offices in Tel Aviv. So I used
tcpmon and found out that the port corresponding to the packet dump
generating Squid's error was opened by "cd_load.exe", which is a stub
program used by CyDoor. Also, I installed several programs from CyDoor
websites and they generated the same errors on my Squid proxy with the same
symptoms.

CyDoor software tries to connect in an odd way and handles the web cache badly...
causing it to trigger frequent errors.

Hope this helps some of you get rid of those messages.

---
Samuel Atlan.
Received on Sun Mar 11 2001 - 12:21:03 MST
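
One way to find which clients produce the pattern described in the message above, as an added example that is not part of the original post: the script scans Squid native-format access.log lines (one entry per line) for NONE/400 requests whose URL has a doubled host:port or is a bare path, and groups them per client. The function names, the sample client addresses and the one-second burst threshold are assumptions.

```python
import re

# Constructed sample modelled on the lines quoted in the post; client
# addresses are documentation-range values, and the binary D2 parameter
# from the original query string is left out.
SAMPLE_LOG = """\
984329080.652 2 192.0.2.10 NONE/400 1315 GET http://cache.ese-metz.fr:3128cache.ese-metz.fr:3128 - NONE/- -
984329080.665 2 192.0.2.10 NONE/400 1315 GET http://cache.ese-metz.fr:3128cache.ese-metz.fr:3128 - NONE/- -
984329080.678 1 192.0.2.10 NONE/400 1397 GET /scripts/cms/CmsInit.ASP?ID=1&AW=167&LV=2045 - NONE/- -
984329095.701 2 192.0.2.10 NONE/400 1315 GET http://cache.ese-metz.fr:3128cache.ese-metz.fr:3128 - NONE/- -
984329096.100 140 192.0.2.22 TCP_MISS/200 5120 GET http://www.squid-cache.org/ - DIRECT/www.squid-cache.org text/html
984329097.300 1 192.0.2.22 NONE/400 1290 GET http://exa_mple.test:80/ - NONE/- -
"""

# scheme://host:port immediately followed by the same host:port again.
DOUBLED = re.compile(r"^[a-z]+://([^/:]+:\d+)\1(?:/|$)", re.I)

def classify(url):
    """Name the malformation seen in the post, or return None."""
    if DOUBLED.match(url):
        return "doubled-authority"
    if url.startswith("/"):          # bare path sent to a proxy
        return "origin-form"
    return None

def malformed_by_client(log_text, burst_gap=1.0):
    """Per client: count of each malformation and the pauses between bursts."""
    report = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[3] != "NONE/400":
            continue
        kind = classify(fields[6])
        if kind is None:
            continue
        entry = report.setdefault(fields[2], {
            "doubled-authority": 0, "origin-form": 0,
            "last": None, "burst_gaps": []})
        entry[kind] += 1
        ts = float(fields[0])
        # A pause longer than burst_gap seconds separates two retry bursts.
        if entry["last"] is not None and ts - entry["last"] > burst_gap:
            entry["burst_gaps"].append(round(ts - entry["last"], 1))
        entry["last"] = ts
    return report

if __name__ == "__main__":
    for client, info in malformed_by_client(SAMPLE_LOG).items():
        print(client, info)
```

A client whose burst gaps cluster around a fixed value, such as the 15 seconds mentioned in the post, is a candidate for the packet capture and process-to-port check the post goes on to describe.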