
iis security : mysterious entry in URLScan log files


Jon Greene
2/7/2004 10:12:41 AM
Hi all,

I just happened to be scanning through my urlscan logs when I stumbled on
some strange (to me anyway) entries. The originating ip address is
127.0.0.1 (localhost) and the errors are all the same -

[01-30-2004 - 18:07:20] Client at 127.0.0.1: Received a malformed request
which resulted in error 50 while modifying the 'Server' header. Request will
be rejected with a 400 response.

Does this mean there is something on my machine that is incorrectly trying
to access the webserver (IIS 5.1 on XP Pro)? Or is this a normal error? I
went back a month and a half and it showed up 6 times on different days.
Nothing matched up in my firewall logs to the time of the errors.

Any insight into this would be very appreciated.

TIA,

Jon



David Wang [Msft]
2/7/2004 9:02:01 PM
The claimed IP is not necessarily trusted since IP can be spoofed.

What I can say is that you are either modifying or removing the Server: header
from the response, and someone/thing sent you a request that was not HTTP
1.0 or HTTP 1.1 as parsed by IIS. A request such as:
GET / \r\n
\r\n

There is HW out there which sends this exact request and expects a 200; I'm
not certain if it applies in your case.

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
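
For triage of the entries discussed in this thread, the following added example (not code from either poster or from URLScan itself) pulls the "malformed request ... while modifying the 'Server' header" entries out of a URLScan log and lists their timestamps and claimed clients, so they can be lined up against firewall or other logs. It assumes one entry per line in the format quoted above; the sample log is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample log. The first entry is the one quoted in the thread;
# the second and third are made up for illustration.
SAMPLE_LOG = """\
[01-30-2004 - 18:07:20] Client at 127.0.0.1: Received a malformed request which resulted in error 50 while modifying the 'Server' header. Request will be rejected with a 400 response.
[01-31-2004 - 09:15:02] Client at 192.0.2.10: (constructed unrelated entry that must not match)
[02-03-2004 - 18:07:21] Client at 127.0.0.1: Received a malformed request which resulted in error 50 while modifying the 'Server' header. Request will be rejected with a 400 response.
"""

# Matches only the malformed-request entry type shown in the thread.
ENTRY = re.compile(
    r"^\[(?P<ts>\d{2}-\d{2}-\d{4} - \d{2}:\d{2}:\d{2})\] "
    r"Client at (?P<client>\S+): Received a malformed request which "
    r"resulted in error (?P<error>\d+) while modifying the "
    r"'(?P<header>[^']+)' header\."
)

def malformed_entries(log_text):
    """Return (timestamp, client, error, header) for each matching entry."""
    hits = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # The log uses MM-DD-YYYY dates, as in "01-30-2004".
            ts = datetime.strptime(m["ts"], "%m-%d-%Y - %H:%M:%S")
            hits.append((ts, m["client"], int(m["error"]), m["header"]))
    return hits

def summarize(hits):
    """Count hits per claimed client and per time of day (HH:MM)."""
    by_client = Counter(client for _, client, _, _ in hits)
    by_minute = Counter(ts.strftime("%H:%M") for ts, _, _, _ in hits)
    return by_client, by_minute

if __name__ == "__main__":
    hits = malformed_entries(SAMPLE_LOG)
    by_client, by_minute = summarize(hits)
    for ts, client, error, header in hits:
        print(ts.isoformat(), client, error, header)
    print("per client:", dict(by_client))
    print("per time of day:", dict(by_minute))
```

Entries that cluster at the same time of day are worth comparing against scheduled tasks and monitoring devices that probe the server on a timer.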