still 400 response code, but so weird this time
mdounin at mdounin.ru
Thu Aug 1 09:37:24 UTC 2013
On Thu, Aug 01, 2013 at 03:10:30AM -0400, microwish wrote:
> In access_log file, huge numbers of log entries like this:
> 22.214.171.124 1764839163 - 0.242 [01/Aug/2013:11:02:01 +0800] "foo.bar.com"
> "-" 400 0 "-" "-" "-"
> log_format defined in http conf block:
> '$remote_addr $connection $remote_user $request_time [$time_local]
> "$hostname" "$request" $status $body_bytes_sent "$http_referer"
> "$http_cookie" "$http_user_agent"'
> Points I realized:
> 1) Cannot catch $request, which is full original request line according to
> Nginx documentation. So can it tell at which phrase the connection was
> 2) $body_bytes_sent is zero. So no HTTP response body was generated.
> 3) $http_refer, $http_cookie and $http_user_agent cannot be caught. So does
> this indicate any issue?
> p.s. this might be caused by HTTPS/SSL connections from mobile client, but
> I'm not sure.
Such lines in access log are caused by opening and closing a
connection without sending any data in it. Usually this happens
due to browser optimizations (e.g., Chrome opens an additional
connection "just in case"), but might appear due to various other
reasons as well (e.g. if browser rejects your SSL cert).
As of nginx 1.3.15+ such connections are no longer logged to
access log, see http://nginx.org/en/CHANGES.
More information about the nginx