Hi,

We run a service on JBoss. Sometimes we receive requests that have params completely decoded. Below are the Apache access log entries. Look at the redirect_url params in the following URLs. For such URLs to work, the params need to be encoded. URLs that we post are encoded. Either somebody is explicitly decoding stuff before it reaches us (some faulty browser plug-in, etc.), or our server is doing something we do not understand.

78.150.249.12 - - [30/Apr/2009:19:44:58 +0000] "HEAD /r/?client_id=2&redirect_url=http://www.amazon.co.uk/gp/search?ie=UTF8&keywords=William+Kentridge&search-alias=stripbooks&tag=inhouse3408608&token=3to08p0nn54916kfc000db5gmf HTTP/1.1" 400 - "-" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

78.150.249.12 - - [30/Apr/2009:19:44:58 +0000] "GET /r/?client_id=2&redirect_url=http://www.amazon.co.uk/gp/search?ie=UTF8&keywords=William+Kentridge&search-alias=stripbooks&tag=inhouse3408608&token=3to08p0nn54916kfc000db5gmf HTTP/1.1" 400 965 "-" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

Any suggestions?

A: 

The HEAD/GET pattern looks like a web accelerator plugin/proxy of some kind - HEAD-ing a link to see if it exists/is modified and then fetching it. Assuming you don't have some other web server in front of your JBoss, then it's unlikely to be your fault.

Also, I don't think that's actually a real user-agent string (real IE6 UAs on XP generally send their CLR version as well), which would support the theory that it's a broken proxy server.

Chris May
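
The following Python sketch is an added example, not part of the original question or answer. It scans Apache combined-format log lines for the symptoms discussed in this thread: an unencoded redirect_url whose inner parameters leak into the outer query string, a HEAD immediately followed by a GET for the same target, and a User-Agent value that begins with the header name. The sample lines are constructed, and the set of parameters that /r/ accepts is an assumption.

```python
import re

# Constructed sample in Apache combined format, modelled on the entries in the
# question (documentation-range addresses, example.com, placeholder token).
SAMPLE_LOG = """\
192.0.2.10 - - [30/Apr/2009:19:44:58 +0000] "HEAD /r/?client_id=2&redirect_url=http://www.example.com/gp/search?ie=UTF8&keywords=a+b&token=PLACEHOLDER HTTP/1.1" 400 - "-" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
192.0.2.10 - - [30/Apr/2009:19:44:58 +0000] "GET /r/?client_id=2&redirect_url=http://www.example.com/gp/search?ie=UTF8&keywords=a+b&token=PLACEHOLDER HTTP/1.1" 400 965 "-" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
192.0.2.77 - - [30/Apr/2009:19:45:03 +0000] "GET /r/?client_id=2&redirect_url=http%3A%2F%2Fwww.example.com%2Fgp%2Fsearch%3Fie%3DUTF8%26keywords%3Da%2Bb&token=PLACEHOLDER HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) '
    r'[^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# Assumption: these are the only parameters the /r/ endpoint accepts.
EXPECTED = {"client_id", "redirect_url", "token"}


def analyse(log_text):
    """Return one (ip, method, status, flags) tuple per parsed log line."""
    results, prev = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue
        rec = m.groupdict()
        # Split the raw query on '&' without decoding, as the server sees it.
        _, _, query = rec["target"].partition("?")
        raw = dict(p.partition("=")[::2] for p in query.split("&") if p)
        flags = []
        if "://" in raw.get("redirect_url", ""):
            flags.append("redirect_url_unencoded")
        leaked = sorted(set(raw) - EXPECTED)
        if leaked:
            flags.append("leaked_params:" + ",".join(leaked))
        # Header name logged inside the header value, as in the question's entries.
        if rec["ua"].startswith("User-Agent:"):
            flags.append("ua_has_header_prefix")
        # HEAD followed by GET for the same target from the same client and second.
        if (prev and rec["method"] == "GET" and prev["method"] == "HEAD"
                and all(prev[k] == rec[k] for k in ("ip", "ts", "target"))):
            flags.append("head_then_get")
        results.append((rec["ip"], rec["method"], rec["status"], flags))
        prev = rec
    return results


if __name__ == "__main__":
    for row in analyse(SAMPLE_LOG):
        print(row)
```

Grouping the flagged rows by client address and User-Agent shows whether the decoded requests come from one intermediary or from many unrelated clients.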