subject:"Re\: \[squid\-users\] WARNING\: unparseable HTTP header field \{\:\: \}"

Re: [squid-users] WARNING: unparseable HTTP header field {:: }

2013-11-12 Thread Amos Jeffries

On 12/11/2013 9:08 p.m., Dr.x wrote:
 hi ,
 is that harmfull log ??
 
 2013/11/11 02:20:12 kid2| WARNING: unparseable HTTP header field {:: }
 2013/11/11 02:20:13 kid1| ctx: exit level  0
 2013/11/11 02:20:13 kid1| ctx: enter level  0:
 'http://vap2iad3.lijit.com/www/delivery/lg.php?bannerid=38827campaignid=232cids=232bids=38827zoneid=220681retarget_matches=nulltid=1075526134_220681_a90622ba5df04921Bd03a7abab3f6328channel_ids=,fpr=c874c715b2faad8885ad1254850d8d74loc=http%3A%2F%2Fforum.mobilism.org%2Fviewtopic.php%3Ff%3D1292%26t%3D652520referer=http%3A%2F%2Fforum.mobilism.org%2Fviewtopic.php%3Ff%3D1292%26t%3D652520cb=78291847'
 2013/11/11 02:20:13 kid1| WARNING: unparseable HTTP header field {:: }

I means the response to the URL shown contains corrupted HTTP headers.
Something outside the HTTP protool has been injected, So Squid will drop
the header, if relaxed_header_parser is disabled then the whole response
is dropped.


In this case the reponse is:

  HTTP/1.1 204 No Content
  Server: nginx
  Content-Type: text/html
  Connection: close
  Date: Tue, 12 Nov 2013 08:29:00 GMT
  P3P: CP=CUR ADM OUR NOR STA NID
  Set-Cookie: ljt_reader=9927a11290d0240d8b2c3a6526658585; expires=Wed,
12-Nov-2014 08:29:00 GMT; path=/; domain=.lijit.com
  ::
  Expires: Thu, 01 Jan 1970 00:00:01 GMT
  Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
  Pragma: no-cache


Notice the line which contains only ::. Exactly as Squid reported.

Amos

Re: [squid-users] WARNING: unparseable HTTP header field {:: }

2013-11-12 Thread Ralf Hildebrandt

* Amos Jeffries squ...@treenet.co.nz:
 On 12/11/2013 9:08 p.m., Dr.x wrote:
  hi ,
  is that harmfull log ??
  
  2013/11/11 02:20:12 kid2| WARNING: unparseable HTTP header field {:: }
  2013/11/11 02:20:13 kid1| ctx: exit level  0
  2013/11/11 02:20:13 kid1| ctx: enter level  0:
  'http://vap2iad3.lijit.com/www/delivery/lg.php?bannerid=38827campaignid=232cids=232bids=38827zoneid=220681retarget_matches=nulltid=1075526134_220681_a90622ba5df04921Bd03a7abab3f6328channel_ids=,fpr=c874c715b2faad8885ad1254850d8d74loc=http%3A%2F%2Fforum.mobilism.org%2Fviewtopic.php%3Ff%3D1292%26t%3D652520referer=http%3A%2F%2Fforum.mobilism.org%2Fviewtopic.php%3Ff%3D1292%26t%3D652520cb=78291847'
  2013/11/11 02:20:13 kid1| WARNING: unparseable HTTP header field {:: }
 
 I means the response to the URL shown contains corrupted HTTP headers.
 Something outside the HTTP protool has been injected, So Squid will drop
 the header, if relaxed_header_parser is disabled then the whole response
 is dropped.

Since I'm also seeing that, I'd guess lijit.com is having issues.

-- 
Ralf Hildebrandt   Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de  Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155

Re: [squid-users] WARNING: unparseable HTTP header field

2005-09-11 Thread Tim Bates

I'd guess it's a worm attempting to either hit your squid, or go through 
it to another web server (depending on how your squid is set up).

But then, Im not an expert either, so I might be wyyy off.

Tim

Lucia Di Occhi wrote:

I am getting a lot of the following in my cache.log, as anyone seen it 
before and/or can take a wild guess?


2005/09/11 23:19:36| WARNING: unparseable HTTP header field 
{N*!!!PT!!!U_~~8OQVn8PP0!!!NB!!!)2~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0 

!!!NB!!!)~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0~!!!)=~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0~; 
lf=b*!!!DJ$!

!#Eh$!!#UM$!!#b'#!!#b9$!!#dx$!!#e7#}
2005/09/11 23:22:01| WARNING: unparseable HTTP header field 
{N*!!!PT!!!U_~~8OQVn8PP0!!!NB!!!)2~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0 

!!!NB!!!)~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0~!!!)=~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0~; 
lf=b*!!!DJ$!

!#Eh$!!#UM$!!#b'#!!#b9$!!#dx$!!#e7#}
2005/09/11 23:22:06| WARNING: unparseable HTTP header field 
{N*!!!PT!!!U_~~8OQVn8PP0!!!NB!!!)2~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0 

!!!NB!!!)~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0~!!!)=~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0~; 
lf=b*!!!DJ$!

!#Eh$!!#UM$!!#b'#!!#b9$!!#dx$!!#e7#}
2005/09/11 23:22:21| WARNING: unparseable HTTP header field 
{N*!!!PT!!!U_~~8OQVn8PP0!!!NB!!!)2~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0 

!!!NB!!!)~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0~!!!)=~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0~; 
lf=b*!!!DJ$!

!#Eh$!!#UM$!!#b'#!!#b9$!!#dx$!!#e7#}

I am also getting plenty of this:

2005/09/11 23:37:05| WARNING: unparseable HTTP header field 
{403,14,URL,/vanityParser.cfm}
2005/09/11 23:37:05| WARNING: unparseable HTTP header field 
{404,*,URL,/test.htm}
2005/09/11 23:37:05| WARNING: unparseable HTTP header field 
{500,100,URL,/iisHelp/common/500-100.asp}


_
Is your PC infected? Get a FREE online computer virus scan from 
McAfee® Security. 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963







**
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**

Re: [squid-users] WARNING: unparseable HTTP header field {:: }

Re: [squid-users] WARNING: unparseable HTTP header field {:: }

Re: [squid-users] WARNING: unparseable HTTP header field

3 matches

Site Navigation

Mail list logo

Footer information