On 9/2/25 06:34, Stuart Henderson wrote:
> On 2025-09-01, J Doe <general@nativemethods.com> wrote:
>> Periodically I will see Host headers being rejected for other websites
>> that are not related to the web server I run. For example:
>>
>> Aug 31 09:26:08 server relayd[93775]: relay https, session 337 (1
>> active), relayd-bad-host, 66.249.66.13 -> :0, Forbidden, *[Host:
>> tiras-knusel.offqgikfltggmflnxgrwvpduvkh.org]* [User-Agent: Mozilla/5.0
>> (compatible; Googlebot/2.1; +http://www.google.com/bot.html)]
>> [tiras-knusel.offqgikfltggmflnxgrwvpduvkh.org/robots.txt] GET
>>
>> In this case, the IP matches the UA and it appears to be GoogleBot doing
>> this, but other times it will come from other, seemingly random hosts
>> that are not crawlers.
>>
>> My question is: do people pass different Host values to reverse proxies
>> hoping to be connected to them (proxying through) ?
> yes; looking for open reverse-proxies (search term: "domain fronting")
Hi Stuart,
Ah, interesting! The overview on Wikipedia was helpful - thanks.
A side question - are IPv4/IPv6 addresses in the header only from bots
(ie: Host: 1.2.3.4) ?
There aren't any human clients (web browsers), that use the numerical
form of the server address in the Host header are there ?
- J
No comments:
Post a Comment