3

We see errors like this in the apache error log:

[Thu May 17 14:32:35 2012] [error] [client 192.168.1.1] File does not exist:
/home/www-data/mywebsite.com/r/cache, referer: http://www.mywebsite.com/r/1010

It is strange because:

  1. There is no reference in the code/url about a folder/file "cache".
  2. The folder/file "cache" does not exist
  3. The client is randomly trying to access a "cache" folder everywhere on the website.
  4. It is always trying to access the folder/file "cache" following this pattern:

Pattern:

/level1/.../levelwhatever/filename (referer)
/level1/.../levelwhatever/cache

We run a LAMP (Debian stable: PHP 5.3.3-7+squeeze9. We also use APC 3.1.3p1). We use Google Analytics and AdSense.

We do not know how to reproduce the problem.

Note: I replaced the user's IP in the code for privacy.

Toto
  • 293
  • 1
  • 4
  • 12
  • That client is on an internal IP address - do you have access to the client system? – Shane Madden May 17 '12 at 21:10
  • I replaced the public ip by a private one for privacy issue. No issue there. :) – Toto May 17 '12 at 21:15
  • I mean, can you touch a client system making this request in order to troubleshoot? – Shane Madden May 17 '12 at 21:17
  • Not sure I understand. http://www.mywebsite.com/r/1010 is valide. there is no reason in the code for the browser to open http://www.mywebsite.com/r/cache which would return a 404. – Toto May 17 '12 at 21:22
  • Right - which tells me that the browser (or, bot - whatever this HTTP client is) is misbehaving. – Shane Madden May 17 '12 at 21:23
  • We suspected a bad script/bot. Nope, it happens to "real" users. – Toto May 17 '12 at 21:31
  • Is there an entry in the access log for a request to the `cache` directory? – Shane Madden May 17 '12 at 21:34
  • There is not only one specific url which is being accessed. The client is randomly trying to access a "cache" folder in the same url as the referer page. – Toto May 17 '12 at 21:42
  • 3
    Ok - but please check the access log anyway. This will confirm that the client is indeed the problem, and not a misbehaving module on the server, for instance. Then, can you confirm whether or not you have access to a client system that is making these requests? – Shane Madden May 17 '12 at 21:45

2 Answers2

3

It seems that Chrome browser had a bug (Issue 132059:) http://code.google.com/p/chromium/issues/detail?id=132059

for specific versions (19.0.1084.52-2 19.0.1084.56 not with 18.xx)

mr.baby123
  • 146
  • 3
  • Please provide a summary of the bug, as links have a dreadful habit of dying. – John Gardeniers Sep 10 '12 at 09:42
  • One possible reason is that it's not a Chrome bug, but some malware plugin called "Browser Companion Helper" that makes such requests. – nightcoder Sep 11 '12 at 19:19
  • I added reply on: http://stackoverflow.com/questions/12987688/unknown-http-requests-of-type-http-domain-cache-32-digit-alphanumeric-key/12996119#12996119 (the bug still exists) – mr.baby123 Oct 21 '12 at 08:31
1

I think this may be caused by a CMS which offers caching functionality which does not work correctly. The script might want to deliver a cached page to the client, thus the error, even though the client did not directly request this page at all.

You should check the documentation of the CMS you are using for a description of caching mechanisms. It could be a simple configuration error, e.g. the directory permissions are not set correctly so the apache/php process cannot create the cache folder/cannot write to it

leepfrog
  • 488
  • 2
  • 9
  • We produced all the code (no CMS). Nowhere in the code a reference to a file/folder cache is done. It looks more like a module/configuration issue (APC, htaccess rewrite, deflate, etc.). – Toto May 17 '12 at 22:41
  • Ok that is strange then. Does the client have some type of AV/Firewall installed/uses a proxy or uses browser extensions/toolbars? These can perform a sort of URL prefetching/caching which might cause this. To be sure it is not one of these temporarily disable all security products, use a direct (non proxy) connection to the webserver and use a browser without toolbars/extensions – leepfrog May 18 '12 at 05:48