Strange entries in Apache access log

The last few days I noticed strange stuff in my access log:

188.107.245.66 - - [18/Oct/2011:19:12:19 +0300] "S\\xe5\\v\\xa1\\xdcJ3\\b\\x86V\\x06\\xdf\\xfc\\xe12\\x17\\xcf5\\xcc\\xe4\\xceF" 400 226
188.87.22.67 - - [18/Oct/2011:19:45:57 +0300] "\\x86E\\x80\\x1aAv_t\\xef\\xc1\\x15\\xe6\\xf6G\\x136\\xf6\\xb2\\x10d\\xd0\\xd4\\x8d\\xb8\\xbe!\\xd0\\xe1f" 302 -
81.157.125.118 - - [18/Oct/2011:20:22:03 +0300] "\\xd9V\\xdd\\xfa[l_\\"l\\x8b=\\xa9\\x02\\x87\\x81\\xccV\\x843\\x0e\\x18\\xbb\\xd9X\\xb7\\xcf\\xc5\\xaf\\xf6P\\xff\\x81\\x92\\x0e\\x9bld\\x7f\\x83<YA\\xd2\\x0c\\x8e\\xfd\\xcb\\xab\\x85\\xc6" 400 226
82.113.121.32 - - [19/Oct/2011:19:56:34 +0300] "\\xfd\\xe8\\x1clL\\x04\\x12\\xeau\\xf6v>\\xc4\\xd8\\x8b\\xea\\xf1\\xd2<\\x11\\xe9\\xfa\\xa1\\x89\\xd7\\xc3`\\xb0\\xc5(\\x07\\xde\\x12\\x88\\xb8\\x9b\\xfc\\xf7kq," 302 -
77.181.227.10 - - [20/Oct/2011:19:01:44 +0300] "\\x9a\\xaf\\x1b" 302 - "-" "-"
194.228.94.242 - - [21/Oct/2011:12:31:49 +0300] "$\\xfe\\x87O\\xa7\\xb6\\x0e\\x17[}" 302 - "-" "-"
188.187.133.114 - - [21/Oct/2011:20:19:35 +0300] "M\\x85r?\\xf3\\x81\\x13\\x0e\\xc8\\xab" 302 - "-" "-"
95.103.75.20 - - [22/Oct/2011:16:41:58 +0300] "\\xc0\\xfd\\xbf\\xcf" 200 194 "-" "-"
46.135.104.255 - - [22/Oct/2011:16:58:52 +0300] "w\\xc1\\x15\\xadqk\\x85\\xa18\\x83\\xf0\\xe8{\\x95\\x10\\x92}\\xa8\\x9e\\xddt\\xcdiA\\x02\\x17G\\xf1R\\x96p" 200 194 "-" "-"
93.96.74.252 - - [22/Oct/2011:23:25:37 +0300] "\\xfbO\\xed\\xda\\x85$\\xa8\\xa6\\x8e\\xcdi\\xc6\\x13't$\\xc1 1\\xa8\\xec4(\\x98\\xc3\\xda\\xbc\\x8b," 400 226 "-" "-"

Normally I see this:

174.129.228.67 - - [23/Oct/2011:06:56:53 +0300] "GET /robots.txt HTTP/1.0" 200 26 "-" "ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)"

The first thing I don’t understand is why the strange requests don’t include a method (GET/POST/HEAD/etc.). The second thing is obvious: what does it mean? And the third thing: why do I have different response codes for those requests? Sure, depending on what they do Apache replies differently, but I don’t know what’s behind the encoded requests.

Two more entries:

88.75.80.97 - - [23/Oct/2011:17:50:38 +0300] "\\xe5\\xda\\x1fz\\xd9\\xec\\xe0\\x05\\xb2%\\x837\\x16\\xda=\\xcci#m &\\xa5M\\x85\\xc7\\x7f\\x1a\\xc8\\xcb\\x98\\x15\\x99Z" 400 226 "-" "-"
60.53.86.243 - - [24/Oct/2011:07:54:35 +0300] "\\xd8\\xc5\\xfa\\x0f\\xc3dywH\\xc5\\x8f\\xcbc\\xd6\\xa1\\x13\\xfb\\xfc\\x88\\xf5!\\x0c\\xaf\\x18\\xdcpr\\b?\\x83\\xe3\\x9bV\\xafN:\\xea\\b\\x14VpdY\\x9e\\xfb 79q-p\\x89t\\xbe\\xfey" 400 226 "-" "-"

So far my server replied like this:
200 - OK
302 - Moved Temporarily
400 - Bad Request

I’m not worried about 302 and 400 but I have concerns about what’s behind the two actions that made my web server accept the requests. :confused: The missing method (GET/POST/HEAD/etc.) in the access log makes me believe the requests were not made by a regular HTTP client.

Does anyone know how to handle this situation?
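
Added example, not part of the original post: a small triage script that pulls out access-log entries whose request field is not a `METHOD target HTTP/x.y` request line, counts the `\xhh` escapes Apache writes for non-printable bytes, and tallies the status codes so the entries answered with 200 can be reviewed first. The sample lines are constructed in the shape of the entries above (documentation-range IPs, shortened payloads), and the function names are this example's own.

```python
import re
from collections import Counter

# host ident user [time] "request" status bytes ... (common/combined log format)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "((?:[^"\\]|\\.)*)" (\d{3}) (\S+)')
# A well-formed HTTP request line: METHOD SP target SP HTTP/x.y
REQUEST_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')
# Apache logs non-printable request bytes as \xhh escapes
ESCAPED_BYTE_RE = re.compile(r'\\x[0-9a-fA-F]{2}')


def triage(lines):
    """Return (host, status, escaped_byte_count, request) for every entry
    whose request field is not a valid HTTP request line."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log entry in the expected format
        host, _when, request, status, _size = m.groups()
        if REQUEST_RE.match(request):
            continue  # ordinary HTTP request, nothing to flag
        escaped = len(ESCAPED_BYTE_RE.findall(request))
        findings.append((host, int(status), escaped, request))
    return findings


def status_summary(findings):
    """Count flagged entries per response code."""
    return Counter(status for _host, status, _n, _req in findings)


# Constructed sample input modelled on the entries in the post.
SAMPLE = [
    r'192.0.2.10 - - [18/Oct/2011:19:12:19 +0300] "S\xe5\v\xa1\xdcJ3" 400 226',
    r'192.0.2.11 - - [20/Oct/2011:19:01:44 +0300] "\x9a\xaf\x1b" 302 - "-" "-"',
    r'192.0.2.12 - - [22/Oct/2011:16:41:58 +0300] "\xc0\xfd\xbf\xcf" 200 194 "-" "-"',
    r'192.0.2.13 - - [23/Oct/2011:06:56:53 +0300] "GET /robots.txt HTTP/1.0" 200 26 "-" "ia_archiver"',
]

if __name__ == "__main__":
    flagged = triage(SAMPLE)
    for host, status, n, req in flagged:
        print(f"{host} status={status} escaped_bytes={n} request={req!r}")
    print(dict(status_summary(flagged)))
```
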