On 12/09/10 12:52, Landy Landy wrote:
> Hello everyone.
>
> Today I was checking my squid's cache.log and found a lot of this:
>
>
> 2010/09/11 20:37:36| clientParseRequestMethod: Unsupported method attempted by 172.16.100.72: This is not a bug. see squid.conf extension_methods
> 2010/09/11 20:37:36| clientParseRequestMethod: Unsupported method in request '__'
> 2010/09/11 20:37:36| clientProcessRequest: Invalid Request
<snip>
> .............
>
> Don't know what is it but, would like to know. I know is not a bug but, I still like to know what causes it.
A client machine is sending binary garbage into Squid. The _ characters
have been used to replace non-printable bytes which may cause damage to
your log viewer.
This is known to occur often for interception proxies when apps like
VoIP or P2P attempting to use port 80 for their native data in the hopes
that it is not firewalled.
It has also been seen on some occasions with microsoft ISA/IIS
attempting to do NTLM over the public Internet. A large data POST gets
early auth reply from them and the client browser switches to sending a
repeat request, as it should, but far too early. This leaves all the
non-client software attempting to parse random binary garbage from the
second request body as if it were HTTP headers.
The warning itself was used to alert admin when real HTTP WebDAV etc
extension methods were being used and let them configure squid to allow
those requests through. The 3.1+ Squid handle all this automatically now.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.8 Beta testers wanted for 3.2.0.2Received on Sun Sep 12 2010 - 03:33:52 MDT
This archive was generated by hypermail 2.2.0 : Sun Sep 12 2010 - 12:00:03 MDT