On Fri, 2005-02-25 at 20:10 +1100, Andrew Bartlett wrote: > On Tue, 2005-02-15 at 00:13 +0100, Henrik Nordstrom wrote: > > On Tue, 15 Feb 2005, Andrew Bartlett wrote: > > > > > I'm not sure (and I won't be onsite today). The other details are: > > > > > > Client: Mozilla Firefox (post 1.0 snapshot) > > > Authenticated with NTLM > > > > > > This is over the past 2 weeks worth of logs, so I'm not sure if it > > > happens 'often' (and I've yet trawled the logs for a 'normal' case on > > > this URL). > > > > Just to be sure you may want to upgrade to 2.5.STBLE8 (and maybe the > > released critical bugfix at the same time). There was a HTTP protocol > > corruption bugfix between 2.5.STABLE8-RC4 and 2.5.STABLE8, and a critical > > old bug discovered just after the release. > > > > >From an inital analysis it does not look like the HTTP protocol corruption > > bug could possibly trigger on this object however, and cerainly not in a > > manner triggering the given symptoms.. but you never know. > > After updating to STABLE8 and the post-patches, I got another in my mail > today, and it's always the same site: > > 1109296746.064 9824 xxxxxxxx.client.internal.hawkerc.net > TCP_MISS/179897680 1618 GET > http://pimg.163.com/search_js/so_sports_icon.gif xxxxxxx > DIRECT/61.177.95.40 text/html
Just an interesting note - I've just seen this on all 3 client platforms. WinXP (MSIE), Win2k (firefox) and Linux (Mozilla 1.7). The mozilla client isn't doing NTLM (ident or basic auth). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
