Centos – Apache access log \x80w\x01\x03\x01

apache-2.2, centos

I'm getting the error requests below, with status code 200 (OK), to the following paths:

[06/Feb/2013:07:41:38 +1100] "\x80w\x01\x03\x01" 200 550 "-" "-"
[05/Feb/2013:10:52:22 +1100] "\x80g\x01\x03\x01" 200 550 "-" "-"

I'm getting spam abuse now. Is my server compromised?

Best Answer

These byte sequences in your logs look like the beginning of SSL version 2 client hello packets, and result from some HTTPS clients connecting to a port where your web server expects plain HTTP, not HTTPS. Your web server tries to interpret the start of the SSL handshake as the HTTP request method.

So you have two problems here:

  1. Someone tries to talk HTTPS to a port on which your web server expects HTTP. This may be a misconfiguration of your server (e.g., you added a Listen 443 directive, but did not enable HTTPS correctly), or just the result of port scans from dumb robots which try HTTPS on nonstandard ports. Or this may be caused by a client misconfiguration (something like https://example.com:80/ could result in such behavior).
  2. Your server for some reason replies with status code 200 to requests with a bogus method. While Apache itself should not handle such unknown methods, PHP by default accepts everything and passes the request to the script. Together with some rewrite rules which cause requests for nonexistent files to be passed to index.php (commonly used to get “clean URLs”) and scripts which do not check $_SERVER['REQUEST_METHOD'], this could result in the behavior you see here.

And if the clients sending those requests are controlled by you, then you have a third problem — those clients are using the obsolete and insecure SSL v2 protocol (they advertise support for SSL version 3.1, which is actually TLS 1.0, but would accept SSL v2 responses from the server, so they are vulnerable to a protocol downgrade attack due to missing integrity protection for handshake in SSL v2).
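The following is an added example, not code from the question or the answer above: a small Python log scanner that undoes Apache's `\xNN` escaping of the request field, checks whether the decoded bytes are the start of an SSL version 2 client hello (two-byte record header with the high bit set, then the CLIENT-HELLO message type 0x01, then the advertised version), and counts how many such handshakes the server answered with a 200. The sample log lines are constructed, modelled on the two in the question (which omit the client address), plus one ordinary GET and one TLS record start for contrast; the record-length and version decoding follow the SSLv2 draft layout the answer refers to.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample log lines in the same shape as the question's excerpt
# (timestamp, request, status, bytes, referer, user agent; no client address).
SAMPLE_LOG = r'''[06/Feb/2013:07:41:38 +1100] "\x80w\x01\x03\x01" 200 550 "-" "-"
[05/Feb/2013:10:52:22 +1100] "\x80g\x01\x03\x01" 200 550 "-" "-"
[05/Feb/2013:11:00:01 +1100] "GET /index.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
[05/Feb/2013:11:00:05 +1100] "\x16\x03\x01\x00\xa5\x01" 400 226 "-" "-"
'''

# Request field may contain escaped quotes/backslashes, so match those as pairs.
LINE_RE = re.compile(
    r'\[(?P<ts>[^\]]+)\] "(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# SSLv2 CLIENT-HELLO message type; version bytes (3,1) mean the client advertises TLS 1.0.
SSLV2_CLIENT_HELLO = 0x01
VERSION_NAMES = {(2, 0): "SSL 2.0", (3, 0): "SSL 3.0", (3, 1): "TLS 1.0"}


def unescape_apache(field: str) -> bytes:
    """Reverse Apache's log escaping (\\xNN, \\\\, \\", \\n, \\r, \\t) into raw bytes."""
    out = bytearray()
    i = 0
    simple = {"\\": 0x5C, '"': 0x22, "n": 0x0A, "r": 0x0D, "t": 0x09}
    while i < len(field):
        c = field[i]
        if c == "\\" and i + 1 < len(field):
            nxt = field[i + 1]
            if nxt == "x" and i + 4 <= len(field):
                out.append(int(field[i + 2:i + 4], 16))
                i += 4
                continue
            if nxt in simple:
                out.append(simple[nxt])
                i += 2
                continue
        out.extend(c.encode("latin-1", "replace"))
        i += 1
    return bytes(out)


@dataclass
class SslV2Hello:
    record_length: int          # payload length from the 2-byte record header
    version: Tuple[int, int]    # (major, minor) the client advertises


def parse_sslv2_client_hello(data: bytes) -> Optional[SslV2Hello]:
    """Return header details if `data` starts like an SSLv2 CLIENT-HELLO, else None."""
    if len(data) < 5 or not data[0] & 0x80:
        return None  # SSLv2 2-byte header has the high bit set; TLS records start with 0x16
    length = ((data[0] & 0x7F) << 8) | data[1]
    if data[2] != SSLV2_CLIENT_HELLO:
        return None
    return SslV2Hello(record_length=length, version=(data[3], data[4]))


def version_name(version: Tuple[int, int]) -> str:
    return VERSION_NAMES.get(version, "unknown %d.%d" % version)


@dataclass
class LogHit:
    timestamp: str
    status: int
    hello: SslV2Hello


def scan_log(text: str) -> List[LogHit]:
    """Find every request whose decoded request field is an SSLv2 client hello."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        hello = parse_sslv2_client_hello(unescape_apache(m.group("req")))
        if hello is not None:
            hits.append(LogHit(m.group("ts"), int(m.group("status")), hello))
    return hits


def count_accepted_sslv2(text: str) -> int:
    """SSLv2 hellos the server answered with 200: the misrouting the answer describes."""
    return sum(1 for h in scan_log(text) if h.status == 200)


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print("%s status=%d SSLv2 hello, record length %d, advertises %s"
              % (h.timestamp, h.status, h.hello.record_length, version_name(h.hello.version)))
    print("accepted with 200:", count_accepted_sslv2(SAMPLE_LOG))
```

Run it against a real access_log with `scan_log(open(path).read())`; a non-zero count from `count_accepted_sslv2` confirms the second problem the answer lists (a front controller answering 200 to a non-HTTP method), and the decoded record lengths (119 and 103 for the two lines in the question) show these are complete handshake records rather than random noise. If the log format includes the client address, extend `LINE_RE` accordingly; the rest of the parsing does not depend on it.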