Hello! On Thu, Aug 01, 2013 at 03:10:30AM -0400, microwish wrote:
> In access_log file, huge numbers of log entries like this: > > 115.85.238.34 1764839163 - 0.242 [01/Aug/2013:11:02:01 +0800] "foo.bar.com" > "-" 400 0 "-" "-" "-" > > > log_format defined in http conf block: > > '$remote_addr $connection $remote_user $request_time [$time_local] > "$hostname" "$request" $status $body_bytes_sent "$http_referer" > "$http_cookie" "$http_user_agent"' > > > Points I realized: > 1) Cannot catch $request, which is full original request line according to > Nginx documentation. So can it tell at which phrase the connection was > dropped? > 2) $body_bytes_sent is zero. So no HTTP response body was generated. > 3) $http_refer, $http_cookie and $http_user_agent cannot be caught. So does > this indicate any issue? > > > p.s. this might be caused by HTTPS/SSL connections from mobile client, but > I'm not sure. Such lines in access log are caused by opening and closing a connection without sending any data in it. Usually this happens due to browser optimizations (e.g., Chrome opens an additional connection "just in case"), but might appear due to various other reasons as well (e.g. if browser rejects your SSL cert). As of nginx 1.3.15+ such connections are no longer logged to access log, see http://nginx.org/en/CHANGES. -- Maxim Dounin http://nginx.org/en/donation.html _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
