They are caused by bad data received from a client browser. There is
nothing Squid can do about it. Either in the current dying request or
appended to an earlier request and not caught at that time (rare)
What squid is logging to cache.log is the start of the request. ** from
the very first letter received ***. As you can see from the snippet it
looks nothing like "GET abcd"
dtinazzi wrote:
> Anybody can help?
>
> The squid proxy is configured as a transparent proxy.
>
> Other errors:
>
> in access.log
>
> 1254223081.196 501 94.x.x.x TCP_MISS/302 1059 GET
> http://profile.live.com/connect/?wa=wsignin1.0&sa=319007920 -
> DIRECT/64.4.24.246 text/html
>
> and the same request, in cache.log
No. These are two very different requests.
The one above starts with "GET http://"... and worked properly.
Receiving a 304 response back.
The one below starts with "79.4/connect"... and died. Squid sent a 400
"Invalid Request" error back to the browser. Then should have forcibly
shut the TCP connection to prevent further trouble.
This _may_ have been logged in access.log as a "NONE/000 - " or
"NONE/400 - " type entry.
>
> 2009/09/29 13:18:04| parseHttpRequest: Unsupported method
> '79.4/connect/?wa=wsignin1.0&sa=319007920'
> 2009/09/29 13:18:04| clientTryParseRequest: FD 16 (94.x.x.x:30725) Invalid
> Request
>
<snip>
>
> I've these problems only with Internet Explorer (6 or 7), NOT with Firefox
> (3.5.3).
One good reason to encourage the changing of browsers amongst your users
then. There is nothing that can be done inside Squid to fix missing data
short of what is already being done.
Are you very certain it's actually IE though? anyone can craft HTTP
requests and the type of badness I suspect happened down the TCP link
before that "79.4" arrived is suspiciously like headers aimed at DDoS
security flaws we fixed a few months ago.
Amos
>
> dtinazzi wrote:
>> Hi all,
>>
>> in these days I'm testing a new squid installation (2.7.STABLE3) and I'm
>> having some troubles; I've a lot of "Invalid request error" on client side
>> and corresponding entries in cache.log like these:
>>
>> 2009/09/23 11:27:45| parseHttpRequest: Unsupported method
>> '.com/piclist?background_color=transparent&banner_example=%3Ciframe+style%3D%22vertical-xxxxxxxxxxxxxxxxxxxxx'
>>
>> 2009/09/23 13:00:27| parseHttpRequest: Unsupported method
>> '.net/pagead/ads?client=ca-pub-xxxxxxxxxxxxxxxx'
>>
>> 2009/09/23 09:22:21| parseHttpRequest: Unsupported method
>> 'k.com/connect/prompt_permissions.php?api_key=xxxxxxxxxxxxxxx'
>>
>> You can see the request has the starting part truncated (all final xxxx
>> characters are mine...), probably it's the reason because I've
>> "unsupported method" error and then "Invalid request", but I've these
>> problems only for certain pages and not for others, so I can't understand
>> the reason.
>>
>> Can you help me? Have you experienced this problem before?
>>
>> Thanks
>> Dario
>>
>>
>
-- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 Current Beta Squid 3.1.0.13Received on Tue Sep 29 2009 - 12:53:11 MDT
This archive was generated by hypermail 2.2.0 : Tue Sep 29 2009 - 12:00:03 MDT