September 1st, 2004, 12:56 PM
Apache Log Question
I found this in my logfile yesterday and was wondering if anyone can shed some light on it.
192.168.101.155 - - [31/Aug/2004:10:21:04 -0400] "&\x063(\xd1.d\b\xdaiU\xefT\xf5%zQ\xa3\x96\xcbTv\x97e\xf0y\x82t=\x1d\xddI\xfa\xa8.\xd2\xad\x8b\x0c\x8b\xe4\xf8\xb2\xda:I\x91\x1a" 400 -
It obviously came from someone on our LAN, but I'm not sure what it is ? The entry before and after this entry were normal, from the same machine, but this one was a little odd.
I know who the person was and she has no intention,knowledge, need, want etc. to do anything malicious, but this was just a little concerning.
Any ideas ?
September 1st, 2004, 05:47 PM
Looks like some faulty client software sending a completely corrupt request.
Are you sure something wasn't trying to connect to the HTTP server using a completely different protocol?
September 1st, 2004, 07:42 PM
Agreed with slarty above...but I don't think it's a different protocol because you can connect to a web server in a number of ways, the two primary ways being telnet and a browser. Looks to be a corrupt packet or something, not sure. The 400 on the end results in apache sending the HTTP_BAD_REQUEST back to the client, so it didn't understand what was given to it and IMHO, responded accordingly.
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
September 1st, 2004, 08:22 PM
It may be. She was testing one of our web apps that we have but this is the first time I have noticed it in the logs at all. She said she was getting some errors throughout the day, maybe this is something related.