Now I'm sure that "400" entries in access log are caused by SSL connections, which either finish SSL handshakes without sending any more data, or even do not finish SSL handshakes.
Because most SSL processing includeing SSL handshakes consume much CPU resource, I want to kick those rubbish SSL connections away.
Any suggestions? It seems like an impossible mission.
On Friday, August 2, 2013 3:00:18 AM UTC+8, agentzh wrote:
Hello!
On Thu, Aug 1, 2013 at 12:16 AM, microwish wrote:
> In access_log file, huge numbers of log entries like this:
>
> 115.85.238.34 1764839163 - 0.242 [01/Aug/2013:11:02:01 +0800] "foo.bar.com"
> "-" 400 0 "-" "-" "-"
>
A lot of 400 errors are caused by modern web browsers which often open
multiple connections and shut down some of them without sending out
requests. And some load-balancers or health checkers may also do
something like this.
To further confirm the actual reasons, you'd better write a tool based
on sysemtap or dtrace to trace your live nginx worker processes. You
can take a look at my Nginx Systemtap Toolkit:
https://github.com/agentzh/nginx-systemtap-toolkit
Regards,
-agentzh