On 12/09/10 12:52, Landy Landy wrote:
Hello everyone. Today I was checking my squid's cache.log and found a lot of this: 2010/09/11 20:37:36| clientParseRequestMethod: Unsupported method attempted by 172.16.100.72: This is not a bug. see squid.conf extension_methods 2010/09/11 20:37:36| clientParseRequestMethod: Unsupported method in request '__' 2010/09/11 20:37:36| clientProcessRequest: Invalid Request
<snip>
............. Don't know what is it but, would like to know. I know is not a bug but, I still like to know what causes it.
A client machine is sending binary garbage into Squid. The _ characters have been used to replace non-printable bytes which may cause damage to your log viewer.
This is known to occur often for interception proxies when apps like VoIP or P2P attempting to use port 80 for their native data in the hopes that it is not firewalled.
It has also been seen on some occasions with microsoft ISA/IIS attempting to do NTLM over the public Internet. A large data POST gets early auth reply from them and the client browser switches to sending a repeat request, as it should, but far too early. This leaves all the non-client software attempting to parse random binary garbage from the second request body as if it were HTTP headers.
The warning itself was used to alert admin when real HTTP WebDAV etc extension methods were being used and let them configure squid to allow those requests through. The 3.1+ Squid handle all this automatically now.
Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.8 Beta testers wanted for 3.2.0.2
