The actual header your web server was muttering about would have been most
helpful here, but guessing based on the hostnames, I would say you are seeing
proxy cache boxes sending some kind of cache control header (like
If-Modified-Since), and your web server doesn't understand it. I don't think
your server fails to understand the actual If-Modified-Since header, since
browsers send that one all the time to check files against their cache. You'd
be seeing this warning all the time if the server didn't understand
If-Modified-Since.
My guess is, they send a non-standard header that other caches of their kind
will understand. I would not suspect this activity to be harmful.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> [EMAIL PROTECTED]
> Sent: Tuesday, April 27, 1999 9:38 AM
> To: [EMAIL PROTECTED]
> Subject: Need some help please...
>
>
> To all,
> Please forgive me if this is not appropriate for this list, but the
> webmaster group doesn't have a clue about security.
>
> I've been seeing the following in my http error logs lately:
>
> [Mon Apr 19 18:30:28 1999] RP3: Info: The request header
> 'XXXXXXXXXXXXXXX' is not formatted correctly. This request header will
> be skipped.
>
> The error message is always exactly the same.
>
> There has been no "one" IP address that's been sending this. Neither is
> there any consistency (i.e. time, day of week, etc.)
>
> But, about 95% of the time it comes from the following addresses:
>
> cacheflow1.gw.utexas.edu [129.116.78.130]
>
> flowbie2-outside.csc.com [192.251.173.34]
>
> cacheflow.insync.net [209.113.31.202]
>
> Question: Is someone trying to blow up my CGI stuff?
> Is this something that certain browsers just "send"
> along with valid requests? (like favicon.ico showing up because a IE5.0
> sets me as a favorite)
>
> Please help folks.
>
> Thanks in advance,
> Michael Sorbera
> Webmaster/security guy/network engineer/whatever else needs to be
> done...
> Randolph-Brooks Federal Credit Union
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
