Solved!!
I realized that at the same time of the warnings, i have at access.log
the next entries:
[28/Feb/2011:08:34:59 +0100] "POST
http://activate.pdfcreator-toolbar.org/toolbar/activate.php HTTP/0.0"
400 1733 NONE:NONE
[28/Feb/2011:08:34:59 +0100] "POST
http://activate2.pdfcreator-toolbar.org/toolbar/activate.php HTTP/0.0"
400 1733 NONE:NONE
So it is a toolbar that sometimes PDF Creator installs, and it's
trying to make those connections. Just uninstall it and everything ok.
Thanks Amos for putting me on the track.
2011/2/25 Amos Jeffries <squid3_at_treenet.co.nz>:
> On 25/02/11 22:39, Gontzal wrote:
>>
>> Hi list,
>>
>> I always have this messages on my cache.log, but i've never been
>> worried about them, it is just curiosity to know what this means and
>> if I can solve it:
>>
>> The message is:
>>
>> 2011/02/25 09:53:53| WARNING: HTTP header contains NULL characters
>> {Accept: */*^M
>> Content-Type: application/x-www-form-urlencoded}
>>
>
> Exactly what is says. The HTTP headers contain a NULL character.
> Older Squid will only display one {} section with the NULL byte being right
> after the last displayed character. 3.x will display two {} sections with
> the text "NULL" in between to indicate the problem better.
>
>
> Squid should be aborting the request unanswered and closing the TCP link
> involved. This is sign of an attack on the HTTP service, although it can be
> done by badly broken software unintentionally.
>
> In this case the Content-Type indicates the headers came from some client
> agent. I don't think its a browser since they are usually sending correct
> HTTP requests.
>
> If you have time it is worth tracking down where these come from and seeing
> what can be done to fix the source.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.11
> Beta testers wanted for 3.2.0.5
>
Received on Mon Feb 28 2011 - 10:40:24 MST
This archive was generated by hypermail 2.2.0 : Mon Feb 28 2011 - 12:00:04 MST