HTTP Request method CNT from Windows clients

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

HTTP Request method CNT from Windows clients

Peter Viskup
Does anybody seen this in Squid logs already?
httpRqMethod CNT

There is no destination IP nor request host logged. All clients are
Windows machines. Requests are rejected due to not supported HTTP
method.

The complete log entry example:

13/Aug/2018:14:26:18 +0200 10.x.y.z 63740 -> - - responseTime=0
httpXFF=- httpRqProto=1.1 httpRqMethod=CNT httpRqHost=- httpURI=-
httpRef=- httpRsStatus=400 httpRqBytes=283 httpRsBytes=3688 httpUA="-"
httpRqCT="-" httpRsCT="text/html;charset=utf-8" httpRsServer=squid
mime=text/html icapResult=- icapTimeTotal=0 icapTimeRq=- icapTimeRs=-
squidStatus=NONE:HIER_NONE squidError=- squidErrorDetail=-
proxyPort=3128 proxyIP=10.x.c.c proxyNode=10.x.c.a sslBumpMode=-
sslSNI="-" sslClientProto="TLS/1.2" sslServerProto="-"
sslClientCipher="ECDHE-RSA-AES256-GCM-SHA384" sslServerCipher="-"
sslSubject="-" sslIssuer="-" sslCertErrors="-"

--
Peter
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: HTTP Request method CNT from Windows clients

Amos Jeffries
Administrator
On 14/08/18 00:33, Peter Viskup wrote:
> Does anybody seen this in Squid logs already?
> httpRqMethod CNT
>
> There is no destination IP nor request host logged. All clients are
> Windows machines. Requests are rejected due to not supported HTTP
> method.

That is odd because Squid does support unknown request methods these days.

More likely those are just some binary octets that happen to match up to
those letters in ASCII being bump'd and sent to the HTTP processing.

What version of Squid are you using? if it is anything less than 4.2
please upgrade.

>
> The complete log entry example:
>
> 13/Aug/2018:14:26:18 +0200 10.x.y.z 63740 -> - - responseTime=0
> httpXFF=- httpRqProto=1.1 httpRqMethod=CNT httpRqHost=- httpURI=-
> httpRef=- httpRsStatus=400 httpRqBytes=283 httpRsBytes=3688 httpUA="-"
> httpRqCT="-" httpRsCT="text/html;charset=utf-8" httpRsServer=squid
> mime=text/html icapResult=- icapTimeTotal=0 icapTimeRq=- icapTimeRs=-
> squidStatus=NONE:HIER_NONE squidError=- squidErrorDetail=-
> proxyPort=3128 proxyIP=10.x.c.c proxyNode=10.x.c.a sslBumpMode=-
> sslSNI="-" sslClientProto="TLS/1.2" sslServerProto="-"
> sslClientCipher="ECDHE-RSA-AES256-GCM-SHA384" sslServerCipher="-"
> sslSubject="-" sslIssuer="-" sslCertErrors="-"
>


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users