Re: [squid-users] Squid eating 100% CPU

From: Henrik Nordstrom <[email protected]>
Date: Thu, 10 Feb 2005 10:33:03 +0100 (CET)

On Thu, 10 Feb 2005, Ralf Hildebrandt wrote:

> 2005/02/10 10:09:48| ctx: enter level 0: 'http://de.sitestat.com/qvc/qvc/s?tvprogramm.kalender&ns__t=1108026476843'
> 2005/02/10 10:09:48| WARNING: found whitespace in HTTP header name {Cache Control: no-cache}
> 2005/02/10 10:09:48| ctx: exit level 0

This is expected with the current patches. Lots of malfunctioning web
servers out there, and the upcoming Squid-2.5.STABLE8 release will notice
some of them..

> As well as this kind of message:
> 2005/02/10 10:09:26| WARNING: unparseable HTTP header field near {GET
> /webworkflow/zwf/application/BookingNew/class.class HTTP/1.1
> cookie: ASPSESSIONIDQCRAAQSD=BCPPFJOAKIKFICNBOBECDCDF
> User-Agent: Mozilla/4.0 (Windows 2000 5.0) Java/1.4.2_06
> Host: intranet.medipart.com
> Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
> Connection: keep-alive
> }

This is just before the one below, right? Looks like the same error, just
in two different forms.

> 2005/02/10 10:09:26| Failed to parse request headers: intranet.medipart.com:443
> CONNECT intranet.medipart.com:443 HTTP/1.1
> GET /webworkflow/zwf/application/BookingNew/class.class HTTP/1.1
> cookie: ASPSESSIONIDQCRAAQSD=BCPPFJOAKIKFICNBOBECDCDF
> User-Agent: Mozilla/4.0 (Windows 2000 5.0) Java/1.4.2_06
> Host: intranet.medipart.com
> Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
> Connection: keep-alive

This one is obviously bad. The GET and cookie lines have no business being
there, and in fact indicates a serious information leakage bug in the
client if this is indeed meant to be a CONNECT request for an https://
resource (which looks as it is the case).

Regards
Henrik
Received on Thu Feb 10 2005 - 02:33:08 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST