Re: [squid-users] Weird Stuff in access.log

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 13 Dec 2008 11:55:05 +1300

wh_at_msdrd.com wrote:
> Hello:
>
> I was looking in my access.log file and I found a lot of this:
>
>
> 2008/12/11 22:32:12| WARNING: 1 swapin MD5 mismatches
> 2008/12/11 22:42:38| ctx: enter level 0:
> '//ads1.msn.com/ads/56911/0000056911_000000000000000659017.swf?fd=rad.msn.com&clickTAG=http%3A//g.msn.com/0AD0000L/1531736.1%3F%3FPID%3D5485100%26amp%3BUIT%3DA%26amp%3BTargetID%3D8397791%26amp%3BAN%3D1929923073%26amp%3BPG%3DIMUSV1'
> 2008/12/11 22:42:38| ctx: enter level 1:
> '://ads1.msn.com/ads/56911/0000056911_000000000000000659017.swf?fd=rad.msn.com&clickTAG=http%3A//g.msn.com/0AD0000L/1531736.1%3F%3FPID%3D5485100%26amp%3BUIT%3DA%26amp%3BTargetID%3D8397791%26amp%3BAN%3D1929923073%26amp%3BPG%3DIMUSV1'
> 2008/12/11 22:42:38| HttpStateData::cacheableReply: unknown http status
> code in reply
> 2008/12/11 22:47:26| ctx: exit levels from 1 down to 0
> 2008/12/11 22:47:26| clientParseRequestMethod: Unsupported method in
> request ''
> 2008/12/11 22:47:26| clientProcessRequest: Invalid Request
> 2008/12/11 22:49:25| clientParseRequestMethod: Unsupported method in
> request '=C2=B4=C2=BA'R]Fq=C2=BA
> =C3=86*t=C3=87=C3=93=C2=BA=C2=A6Mbau=C3=93p=C3=BE/;$=C2=B6=C2=A5=C3=AD=C3=
> =BEaW
> 7^@T=C2=AE=C3=ADL>=C3=BBS5=C3=99G=C3=8A'n3=C2=AC[.=C3=B6,=C3=B3D=C3=89J_=C3=
> =BA=C3=B2k
> "=C3=AC>4<J=C3=9A0~iK=C3=AA3=C3=BE<'
> 2008/12/11 22:49:25| clientProcessRequest: Invalid Request
> 2008/12/11 22:50:41| ctx: enter level 0:
> '://games-ak.espn.go.com/s/fbalm/09/images/design08/mastBG.jpg'
> 2008/12/11 22:50:41| ctx: enter level 1:
> '://games-ak.espn.go.com/s/fbalm/09/images/design08/mastBG.jpg'
> 2008/12/11 22:50:41| HttpStateData::cacheableReply: unknown http status
> code in reply
> 2008/12/11 22:53:57| ctx: exit levels from 1 down to 0
> 2008/12/11 22:53:57| ctx: enter level 0:
> '://photos1.hi5.com/0043/297/272/DtECvL297272-01.jpg'
> 2008/12/11 22:53:57| ctx: enter level 1:
> '://photos1.hi5.com/0043/297/272/DtECvL297272-01.jpg'
> 2008/12/11 22:53:57| HttpStateData::cacheableReply: unknown http status
> code in reply
> 2008/12/11 23:01:44| ctx: exit levels from 1 down to 0
> 2008/12/11 23:01:44| statusIfComplete: Request not yet fully sent "POST
> ://www.habbo.es/clientlog/update"
> =C3=95=C2=BF=C3=83!lj=C3=81=C2=A4!=C3=84?a=C2=AA=C3=B3=C3=8A=C3=92=C3=8ET=
> =C3=AEz=C3=81)=C2=A6=C2=B5=C2=BFp=C3=88#O&\_=C3=BEv=C2=B9@
> =C3=8A=C2=B3=C2=
> =B7=C3=A1!=C3=BF'd:
> Unsupported method in request ''=C3=AF8jy=C3=9D"=C3=B91=C3=88=C3=B4
> 2008/12/11 23:08:11| clientProcessRequest: Invalid Request
> 2008/12/11 23:14:04| ctx: enter level 0:
> '://ads1.msn.com/ads/1/0000000001_000000000000000470730.swf?fd=t.msn.com&clickTAG=http%3A//g.msn.com/0AD0005Q/1174520.1%3F%3FPID%3D5275428%26amp%3BUIT%3DA%26amp%3BTargetID%3D8083573%26amp%3BAN%3D2033273487%26amp%3BPG%3DIMSD24'
> 2008/12/11 23:14:04| ctx: enter level 1:
> '://ads1.msn.com/ads/1/0000000001_000000000000000470730.swf?fd=t.msn.com&clickTAG=http%3A//g.msn.com/0AD0005Q/1174520.1%3F%3FPID%3D5275428%26amp%3BUIT%3DA%26amp%3BTargetID%3D8083573%26amp%3BAN%3D2033273487%26amp%3BPG%3DIMSD24'
> 2008/12/11 23:14:04| HttpStateData::cacheableReply: unknown http status
> code in reply
> 2008/12/11 23:15:34| ctx: exit levels from 1 down to 0
> 2008/12/11 23:15:34| clientParseRequestMethod: Unsupported method in
> request
> 'ja=C3=B1=C3=B9$)Y=C3=97=C3=AE=C3=B30=C3=8D=C3=BF=C3=95"=C3=82=C3=
> =BD=C2=B4=C3=9A
>
> =20
> =C3=97=C2=BF=C3=AChL2uE=C3=A5=C3=BF
> of
> =C3=82 Br=C3=AE=C2=AE2=C2=B1=C3=8AY
> =C3=96=C2=AA=C3=92Rr=C3=BF2g=C2=BAZ=C2=BB
> r=C2=BDq#=C3=
> =B6=C3=AC=C3=96
> H=C2=B4[=C2=AB=C3=A5h}f3=C3=AE=C3=8Ab=C3=98=C3=AE=C3=940r=C3=9AeV=C3=AD_S=
> =C3=A3=C3=93GohuY=C3=B8=C3=A4=C3=A6=C3=B7pb6F=C3=85K=C3=88V=C2=A8=C3=8B=C3=
> =AF
> Hs4)gO=C3=A1Y=C3=B15 =C3=AEX,&=C3=B7=C3=94=C3=96=C3=BA=C3=8E@
> W=C3=A9=C3=B7=
> e=C2=B8=C2=BDNT=C3=8F
> '>=C3=9C=C3=BF=C2=B0=C3=B5=C3=BA=C2=B2=C3=B2=C3=8A=C2=AD{/
> 2008/12/11 23:15:34| clientProcessRequest: Invalid Request
> 2008/12/11 23:21:52| clientParseRequestMethod: Unsupported method in
> request '=C2=BAM;=C3=91x
> =C3=BEH V Ys
> =C3=8D=C3=A9=C2=B5=C3=90I1=C2=ACF6h=C3=92`=C3=924=C3=
> =9D=C3=BE=C3=992=C2=AF=C3=9E|=C3=AD=C3=BE=C2=B16=C3=A5
> =C3=ACm.=C3=AEe=C3=A3=C3=96
> =C3=B5=C3=B3=C3=828:
> Y=C2=A3'=C3=A9^;=C2=BD=C2=BFo/q5=C3=9E=C2=A2aa/*d=C3=
> =87,
> sj=C3=93:=C3=A4=C2=A89=C2=AD=C2=A8=C2=B1=C3=80=C3=A5=C3=88b3=C3=AE=C3=AE=C2=
> =A7=C2=ACz=C2=BB'uCf=C3=82p=C3=AE=C2=B3X,=C3=B2#)=C2=B2=C3=98]=C3=A1=C3=A0=
> =C2=BA=C2=A6n=C3=BD=C3=B9=C2=A5Y=C2=B5"=C2=BF=C3=B0#=C2=B05=C3=BBm=C3=9D=C2=
> =AE9=C3=A5=C3=8Ej=C3=B9=C2=A1=C3=94=C2=B0%"{'
> 2008/12/11 23:21:52| clientProcessRequest: Invalid Request
> 2008/12/11 23:25:09| clientParseRequestMethod: Unsupported method in
> request '=C3=B2=C3=9829=C3=B7=C2=BE=C2=AFdxks'
> 2008/12/11 23:25:09| clientProcessRequest: Invalid Request
> 2008/12/11 23:28:45| clientParseRequestMethod: Unsupported method in
> request 'k=C3=BE8,=C3=96=C3=A4=C3=9F=C2=B6=C2=A1X
> 6=C3=87=C2=AD=C3=BF4=C2=AD'{=C2=BBP=C2=B3=C3=B7=C2=BDm=C3=8D+=C3=89^=C3=88=
> =C2=AA[=C3=B6=C3=8F=C3=80=C3=A3J=C2=AC=C3=AF=C3=879O=C3=B5=C3=81D=C2=BF=C3=
> =8C^{4R`D=C3=95=C2=B7=C2=A7=C3=80=C3=A2hKJN=C3=A4s-=C3=95=C2=A7=C3=BB5=3D7N=
> =C3=821=C3=8E=C2=ABP'
> 2008/12/11 23:28:45| clientProcessRequest: Invalid Request
> 2008/12/11 23:38:51| clientParseRequestMethod: Unsupported method in
> request ''
> 2008/12/11 23:38:51| clientProcessRequest: Invalid Request
> 2008/12/11 23:49:51| clientParseRequestMethod: Unsupported method in
> request 'k`=C3=B8=C3=AF=C3=B7}}f3].=C3=9EC=C3=A5'
> 2008/12/11 23:49:51| clientProcessRequest: Invalid Request
>
>
> Is this trouble or is ok to have all that stuff in the log?
>
> Thanks.
>

It's a good thing that it got logged that way.
Something is broken.

You will need a trace of the full requests and replies that tried to go
through to see exactly what the client and server were trying to do.

At a guess I'd say probably HTTP traffic trying to go through an HTTPS port.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
   Current Beta Squid 3.1.0.3 or 3.0.STABLE11-RC1
Received on Fri Dec 12 2008 - 22:55:09 MST
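
Added example, not part of the original thread: a triage script for the "Unsupported method in request" entries quoted above. It sorts them by what the rejected bytes look like before a full packet trace is taken. The log lines in SAMPLE are constructed, the function names are hypothetical, and the TLS check is a heuristic based only on the TLS record header (0x16 0x03).

```python
import re
from collections import Counter

# Characters allowed in an HTTP method (the RFC 7230 "token" set).
TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
# Entries start with a timestamp; binary payloads may contain newlines,
# so split on the timestamp rather than on line ends.
ENTRY_START = re.compile(rb"(?m)^(?=\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\| )")
EVENT = re.compile(
    rb"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\| clientParseRequestMethod: "
    rb"Unsupported method in request '(.*)'$", re.S)

def classify(payload: bytes) -> str:
    """Label the bytes Squid rejected as a request method."""
    if not payload:
        return "empty"
    if payload[:2] == b"\x16\x03":       # TLS handshake record, version 3.x
        return "tls-handshake"
    if TOKEN.match(payload.split(b" ", 1)[0]):
        return "unknown-method"          # textual, but not a method Squid accepts
    return "binary"                      # not HTTP at all

def triage(log: bytes):
    """Return (timestamp, label) for every unsupported-method entry."""
    results = []
    for entry in ENTRY_START.split(log):
        m = EVENT.match(entry.rstrip(b"\n"))
        if m:
            results.append((m.group(1).decode(), classify(m.group(2))))
    return results

# Constructed sample in the cache.log format shown in the message.
SAMPLE = (
    b"2008/12/11 22:47:26| clientParseRequestMethod: Unsupported method in request ''\n"
    b"2008/12/11 22:47:26| clientProcessRequest: Invalid Request\n"
    b"2008/12/11 22:49:25| clientParseRequestMethod: Unsupported method in request '\x16\x03\x01'\n"
    b"2008/12/11 22:49:25| clientProcessRequest: Invalid Request\n"
    b"2008/12/11 23:21:52| clientParseRequestMethod: Unsupported method in request '\xbaM;\xd1x\n\xfeH V Ys'\n"
    b"2008/12/11 23:30:00| clientParseRequestMethod: Unsupported method in request 'FOO / HTTP/1.0'\n"
)

if __name__ == "__main__":
    found = triage(SAMPLE)
    for stamp, label in found:
        print(stamp, label)
    print(Counter(label for _, label in found))
```

A log dominated by "binary" or "tls-handshake" entries means non-HTTP traffic is reaching the HTTP listener, which is the case where the full request trace is worth capturing.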
