Getting bad GET request from a user

There is a carriage return before the GET


AWildman

6:30 pm on Apr 30, 2004 (gmt 0)

10+ Year Member



What might possibly cause a computer to send a GET request that is preceded by a carriage return? The log shows "\rGET" for this particular user. I suggested running a spyware removal program, but I'd like to know what in particular might cause this.

This user is running MacOS X with IE 5.2.3

jdMorgan

6:56 pm on Apr 30, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



There's no carriage return before GET. That machine is either infected with a badly-written scripted "virus", or the owner of that machine is trying to get at your content with a script.

Jim

AWildman

7:36 pm on Apr 30, 2004 (gmt 0)

10+ Year Member



Thanks for the info!

How likely is it that a Mac has a virus? I'm not very familiar with Macs, but I thought they were pretty virus resistant.

jdMorgan

8:17 pm on Apr 30, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Macs have security problems, too. But there are not as many of them out there, so virus-writers tend to target PCs more often -- more PCs = more "fame" in their minds. Only recently have *nix and Mac viruses garnered much notice.

Jim

AWildman

8:34 pm on Apr 30, 2004 (gmt 0)

10+ Year Member



Ah. Makes sense. Well, I guess it's time for me to take a different approach to searching for a solution. Up till now, I've been looking for general info on bad GET requests. I guess now I'll look for Mac viruses.

Thanks a bunch.

drbrain

8:34 pm on Apr 30, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Are you sure it's from a Mac? They could simply be spoofing the user-agent string. I recently found a referrer spammer with a UA of "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98" (note the non-matching parentheses).

AWildman

8:46 pm on Apr 30, 2004 (gmt 0)

10+ Year Member



No, I've talked to the user and it's definitely a Mac, which is why we didn't think to tell her to run a virus check right away. I suggested running a spyware removal tool on the affected machine.

jdMorgan

9:35 pm on Apr 30, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If this person is having problems with other sites as well (and I'd suspect she is, since \rGET is not a valid HTTP request), then a virus/spyware scan is first priority. I'm not sure what's available for Macs, though.
Next would be a re-install of IE5 [microsoft.com].
Finally, if that doesn't work, I would suggest she download an alternate Mac browser [darrel.knutson.com] such as Firebird, Safari, etc.

Jim
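Added example, not part of any post in this thread: a small log audit that flags the two anomalies discussed above, a request line that starts with an escaped control character such as "\rGET", and a User-Agent with non-matching parentheses. It assumes Combined Log Format and that the server writes the carriage return as the two characters `\r`, as in the log quoted in the first post; the sample lines, addresses and paths are constructed.

```python
import re

# Combined Log Format; request, referer and user-agent are captured raw.
LINE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)
# A well-formed request line: method token, target, HTTP version.
REQUEST = re.compile(r'[A-Z]+ \S+ HTTP/\d\.\d')
# Control characters as they appear once escaped in the log (\r, \n, \xNN ...).
ESCAPED_CTRL = re.compile(r'\\(?:[rntvbf]|x[0-9a-fA-F]{2})')

def audit(line):
    """Return a list of findings for one log line (empty list means clean)."""
    m = LINE.match(line)
    if not m:
        return ["unparseable log line"]
    findings = []
    req, agent = m["request"], m["agent"]
    if ESCAPED_CTRL.match(req):
        findings.append("control character before method")
    elif not REQUEST.fullmatch(req):
        findings.append("malformed request line")
    if agent.count("(") != agent.count(")"):
        findings.append("unbalanced parentheses in User-Agent")
    return findings

def audit_all(lines):
    """Map line index -> findings, for lines that have any."""
    results = {i: audit(l) for i, l in enumerate(lines)}
    return {i: f for i, f in results.items() if f}

# Constructed sample lines (hosts, times, paths and sizes are made up).
SAMPLE = [
    r'192.0.2.10 - - [30/Apr/2004:18:30:00 +0000] "GET /form.html HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)"',
    r'192.0.2.11 - - [30/Apr/2004:18:30:05 +0000] "\rGET /form.html HTTP/1.1" 400 226 "-" "Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)"',
    r'192.0.2.12 - - [30/Apr/2004:18:31:00 +0000] "GET / HTTP/1.0" 200 512 "http://example.com/" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98"',
]

if __name__ == "__main__":
    for idx, found in audit_all(SAMPLE).items():
        print(idx, found)
```

Grouping the flagged lines by client address shows whether a malformed request is a one-off from a single user or part of a pattern across many hosts.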

AWildman

11:52 am on May 3, 2004 (gmt 0)

10+ Year Member



Thanks for all the help! I think I'll have her fill out a form on another one of our sites to see if she has the same problem with that site as well.
Then I'll suggest a reinstall. Unfortunately, she can't change browsers cause our program is only compatible with IE and NN. I know, I know. But I didn't make the program...