Re: [squid-users] WARNING: unparseable HTTP header field {:: }
On 12/11/2013 9:08 p.m., Dr.x wrote: hi , is that harmfull log ?? 2013/11/11 02:20:12 kid2| WARNING: unparseable HTTP header field {:: } 2013/11/11 02:20:13 kid1| ctx: exit level 0 2013/11/11 02:20:13 kid1| ctx: enter level 0: 'http://vap2iad3.lijit.com/www/delivery/lg.php?bannerid=38827campaignid=232cids=232bids=38827zoneid=220681retarget_matches=nulltid=1075526134_220681_a90622ba5df04921Bd03a7abab3f6328channel_ids=,fpr=c874c715b2faad8885ad1254850d8d74loc=http%3A%2F%2Fforum.mobilism.org%2Fviewtopic.php%3Ff%3D1292%26t%3D652520referer=http%3A%2F%2Fforum.mobilism.org%2Fviewtopic.php%3Ff%3D1292%26t%3D652520cb=78291847' 2013/11/11 02:20:13 kid1| WARNING: unparseable HTTP header field {:: } I means the response to the URL shown contains corrupted HTTP headers. Something outside the HTTP protool has been injected, So Squid will drop the header, if relaxed_header_parser is disabled then the whole response is dropped. In this case the reponse is: HTTP/1.1 204 No Content Server: nginx Content-Type: text/html Connection: close Date: Tue, 12 Nov 2013 08:29:00 GMT P3P: CP=CUR ADM OUR NOR STA NID Set-Cookie: ljt_reader=9927a11290d0240d8b2c3a6526658585; expires=Wed, 12-Nov-2014 08:29:00 GMT; path=/; domain=.lijit.com :: Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 Pragma: no-cache Notice the line which contains only ::. Exactly as Squid reported. Amos
Re: [squid-users] WARNING: unparseable HTTP header field {:: }
* Amos Jeffries squ...@treenet.co.nz: On 12/11/2013 9:08 p.m., Dr.x wrote: hi , is that harmfull log ?? 2013/11/11 02:20:12 kid2| WARNING: unparseable HTTP header field {:: } 2013/11/11 02:20:13 kid1| ctx: exit level 0 2013/11/11 02:20:13 kid1| ctx: enter level 0: 'http://vap2iad3.lijit.com/www/delivery/lg.php?bannerid=38827campaignid=232cids=232bids=38827zoneid=220681retarget_matches=nulltid=1075526134_220681_a90622ba5df04921Bd03a7abab3f6328channel_ids=,fpr=c874c715b2faad8885ad1254850d8d74loc=http%3A%2F%2Fforum.mobilism.org%2Fviewtopic.php%3Ff%3D1292%26t%3D652520referer=http%3A%2F%2Fforum.mobilism.org%2Fviewtopic.php%3Ff%3D1292%26t%3D652520cb=78291847' 2013/11/11 02:20:13 kid1| WARNING: unparseable HTTP header field {:: } I means the response to the URL shown contains corrupted HTTP headers. Something outside the HTTP protool has been injected, So Squid will drop the header, if relaxed_header_parser is disabled then the whole response is dropped. Since I'm also seeing that, I'd guess lijit.com is having issues. -- Ralf Hildebrandt Charite Universitätsmedizin Berlin ralf.hildebra...@charite.deCampus Benjamin Franklin http://www.charite.de Hindenburgdamm 30, 12203 Berlin Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
Re: [squid-users] WARNING: unparseable HTTP header field
I'd guess it's a worm attempting to either hit your squid, or go through it to another web server (depending on how your squid is set up). But then, Im not an expert either, so I might be wyyy off. Tim Lucia Di Occhi wrote: I am getting a lot of the following in my cache.log, as anyone seen it before and/or can take a wild guess? 2005/09/11 23:19:36| WARNING: unparseable HTTP header field {N*!!!PT!!!U_~~8OQVn8PP0!!!NB!!!)2~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0 !!!NB!!!)~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0~!!!)=~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0~; lf=b*!!!DJ$! !#Eh$!!#UM$!!#b'#!!#b9$!!#dx$!!#e7#} 2005/09/11 23:22:01| WARNING: unparseable HTTP header field {N*!!!PT!!!U_~~8OQVn8PP0!!!NB!!!)2~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0 !!!NB!!!)~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0~!!!)=~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0~; lf=b*!!!DJ$! !#Eh$!!#UM$!!#b'#!!#b9$!!#dx$!!#e7#} 2005/09/11 23:22:06| WARNING: unparseable HTTP header field {N*!!!PT!!!U_~~8OQVn8PP0!!!NB!!!)2~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0 !!!NB!!!)~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0~!!!)=~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0~; lf=b*!!!DJ$! !#Eh$!!#UM$!!#b'#!!#b9$!!#dx$!!#e7#} 2005/09/11 23:22:21| WARNING: unparseable HTTP header field {N*!!!PT!!!U_~~8OQVn8PP0!!!NB!!!)2~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0 !!!NB!!!)~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0~!!!)=~!!!1t!!!7T!!!^~!#Ds0*E[XF![(N*!!!PT!!!U_~~8OQVn8PP0~; lf=b*!!!DJ$! !#Eh$!!#UM$!!#b'#!!#b9$!!#dx$!!#e7#} I am also getting plenty of this: 2005/09/11 23:37:05| WARNING: unparseable HTTP header field {403,14,URL,/vanityParser.cfm} 2005/09/11 23:37:05| WARNING: unparseable HTTP header field {404,*,URL,/test.htm} 2005/09/11 23:37:05| WARNING: unparseable HTTP header field {500,100,URL,/iisHelp/common/500-100.asp} _ Is your PC infected? Get a FREE online computer virus scan from McAfee® Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 ** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. **