It's not a single host; it's like a large broadband network with thousands of hosts in which any host starts generating such requests randomly. The behavior shows that it might be some sort of virus generating such requests. The current remedy strategy that has been adopted is to make the client restart his PC in safe mode with networking (Windows OS only, since it does not occur on Linux clients) and do a real-time scan of the machine through antivirus websites. It is important to mention that while sending requests in safe mode with network services, the client does not generate such abnormal header requests.

What information I specifically require is what kind of virus, or specifically what virus, can infect a PC to generate such requests without affecting any of the other services (is there any recorded?). Secondly, I have even tried the option of increasing the header size, but somehow the client is able to generate an abnormal header larger than specified.
I did log mime_hdrs, which I am pasting here; it might help you people to diagnose the problem.

Corresponding Cache Log Entry

2004/11/10 20:25:44| Config 'request_header_max_size'= 10240 bytes.
2004/11/10 20:25:44| Request header is too large (11680 bytes)

Corresponding Access Log Entry

1100147107.366 3 xxx.xxx.xxx.xxx NONE/413 1612 NONE error:request-too-large - NONE/- text/html

Corresponding Access Log Entry with mime_hdrs logging

1100151996.122 4 xxx.xxx.xxx.xxx NONE/413 1612 NONE error:request-too-large - NONE/- text/html [] [HTTP/1.0 413 Request Entity Too Large\r\nServer: squid/2.5.STABLE5-20040511\r\nMime-Version: 1.0\r\nDate: Thu, 11 Nov 2004 05:46:36 GMT\r\nContent-Type: text/html\r\nContent-Length: 1302\r\nExpires: Thu, 11 Nov 2004 05:46:36 GMT\r\nX-Squid-Error: ERR_TOO_BIG 0\r\n\r]

Although I did find some information regarding "ERR_TOO_BIG" in the Squid documents only, that was not much help.

Mohammed Ali Abbas
Asst. CMTS Engineer

-----Original Message-----
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 11, 2004 2:44 AM
To: Ali Abbas
Cc: 'Chris Robertson'; [EMAIL PROTECTED]
Subject: RE: [squid-users] Error:header-request-too-large

On Thu, 11 Nov 2004, Ali Abbas wrote:

> That I can understand and I am using the latest version of Squid 2.5 Stable
> 7. I tried getting over this problem by specifying larger header size but
> then even somehow I started receiving the header size larger than that.

You may need to start looking at the HTTP traffic to analyze what these requests actually are in order to determine how they best should be handled. It is very hard from this log message alone to say what the traffic is about.

Regards
Henrik
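An added example, not part of the original thread and not Squid's own code: one way to triage which clients are producing the NONE/413 error:request-too-large entries shown above, so those hosts can be picked out for traffic capture or scanning. The log lines are constructed in the same native access.log layout, with documentation-range addresses standing in for the masked client IPs; the function names are hypothetical.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in Squid's native access.log layout (not real traffic).
# Client addresses are documentation-range placeholders.
SAMPLE_LOG = """\
1100147107.366 3 192.0.2.17 NONE/413 1612 NONE error:request-too-large - NONE/- text/html
1100147109.120 210 192.0.2.44 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/198.51.100.5 text/html
1100147111.902 4 192.0.2.17 NONE/413 1612 NONE error:request-too-large - NONE/- text/html
1100151996.122 4 192.0.2.90 NONE/413 1612 NONE error:request-too-large - NONE/- text/html [] [HTTP/1.0 413 Request Entity Too Large\\r\\n]
1100151999.480 95 192.0.2.17 TCP_HIT/200 830 GET http://example.com/a.gif - NONE/- image/gif
truncated line
"""

def summarize_too_large(lines):
    """Return [(client, stats)] for clients with 413 entries, busiest first."""
    stats = defaultdict(lambda: {"total": 0, "too_large": 0, "first": None, "last": None})
    for line in lines:
        fields = line.split()
        if len(fields) < 7:          # skip truncated or malformed lines
            continue
        try:
            ts = float(fields[0])    # epoch seconds with milliseconds
        except ValueError:
            continue
        # Fields: time elapsed client result/status bytes method URL ...
        client, result, url = fields[2], fields[3], fields[6]
        entry = stats[client]
        entry["total"] += 1
        if result.endswith("/413") and url == "error:request-too-large":
            entry["too_large"] += 1
            entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
            entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    hits = [(c, s) for c, s in stats.items() if s["too_large"]]
    return sorted(hits, key=lambda kv: kv[1]["too_large"], reverse=True)

def fmt(ts):
    """Render an access.log epoch timestamp as UTC for comparison with other logs."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

if __name__ == "__main__":
    for client, s in summarize_too_large(SAMPLE_LOG.splitlines()):
        print(f"{client}: {s['too_large']} oversized of {s['total']} requests, "
              f"{fmt(s['first'])} to {fmt(s['last'])} UTC")
```

Lines logged with mime_hdrs enabled parse the same way, because the bracketed header fields are appended after the ten standard columns.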
