On Thu, Dec 06, 2012 at 01:24:59AM +0200, SBD wrote:
> Hi Willy,
>
> Thank you for your reply. And thank you guys for a great product.
>
> The requests are not coming from a single or even a few IP addresses and
> that what make us worry a bit though we have not got any complains from our
> users about errors or anything similar.
Since these are invalid requests, they're blocked so your users will not see
them.
> I also tried to filter out those requests with ACL checking for only 1 byte
> in the request but with no success.
Even if you block them, they'll still be logged unfortunately. We've said
for a long time that we need some "disable-log if ..." directives at a few
places (tcp-request, http-request, http-response at least). But we don't
have them yet.
> Did you ever occur such a requests? (NULL byte)
No, really. I think that either someone is having fun of you or believes
he's harming you, or that you may be checked by a buggy service.
Hmmm I have an idea that you could use on 1.5-dev only (not sure whether
it will fit your needs). Just pass through a filtering layer which does
not log :
listen www
bind :80
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if HTTP
tcp-request content reject
server local 127.0.0.1:1 send-proxy
frontend local
bind 127.0.0.1:1 accept-proxy
mode http
log global
...
In 1.4 you can also do it without the send-proxy/accept-proxy directives,
which implies you'll lose the client's IP address. I'm sure it's important
to you otherwise you would have disabled logging.
Still that's something you might want to experiment with.
Cheers,
Willy
