Monday, September 01, 2025

relayd host traffic

Hi,

I use relayd on OpenBSD 7.7 to protect a small web server.

One of the rules I have in my relayd.conf is a restriction on the HTTP
Host header.  I restrict this to the host name of the web server and all
other Host values are rejected.

Periodically I will see Host headers being rejected for other websites
that are not related to the web server I run.  For example:

Aug 31 09:26:08 server relayd[93775]: relay https, session 337 (1
active), relayd-bad-host, 66.249.66.13 -> :0, Forbidden, *[Host:
tiras-knusel.offqgikfltggmflnxgrwvpduvkh.org]* [User-Agent: Mozilla/5.0
(compatible; Googlebot/2.1; +http://www.google.com/bot.html)]
[tiras-knusel.offqgikfltggmflnxgrwvpduvkh.org/robots.txt] GET

In this case, the IP matches the UA and it appears to be GoogleBot doing
this, but other times it will come from other, seemingly random hosts
that are not crawlers.

My question is: do people pass different Host values to reverse proxies
hoping to be connected to them (proxying through)?  If that is not the
case, can someone please explain to me why this shows in my logs?  I am
aware that relayd is protecting me from this, but I am curious as to why
people would do it.

Thanks,

- J
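
The log line quoted in the post, handled by a small parser, as an added example that is not part of the original post or of relayd itself. It splits relayd's per-request log line into client, label, Host, User-Agent, URL and method, then sorts each rejected Host into one of three buckets: a name the server does not serve at all (the Googlebot case above), a bare IP literal (typical of scanners that never learned the hostname), or a variant of the served name that differs only in case, port suffix or trailing dot (a sign the Host rule is stricter than legitimate clients expect). The three sample lines are constructed for this example and modelled on the quoted one; the second and third use documentation-range IPs and invented Hosts, the served name www.example.org is an assumption, and the label relayd-bad-host is taken from the post.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log modelled on the line quoted in the post. Lines 2 and 3
# are invented: 203.0.113.7 / 198.51.100.10 are documentation-range addresses.
SAMPLE_LOG = """\
Aug 31 09:26:08 server relayd[93775]: relay https, session 337 (1 active), relayd-bad-host, 66.249.66.13 -> :0, Forbidden, [Host: tiras-knusel.offqgikfltggmflnxgrwvpduvkh.org] [User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)] [tiras-knusel.offqgikfltggmflnxgrwvpduvkh.org/robots.txt] GET
Aug 31 10:02:41 server relayd[93775]: relay https, session 402 (1 active), relayd-bad-host, 203.0.113.7 -> :0, Forbidden, [Host: 198.51.100.10] [User-Agent: python-requests/2.31] [198.51.100.10/] GET
Aug 31 10:02:42 server relayd[93775]: relay https, session 403 (2 active), relayd-bad-host, 203.0.113.7 -> :0, Forbidden, [Host: WWW.Example.ORG:443] [User-Agent: curl/8.6.0] [WWW.Example.ORG:443/] GET
"""

# Fixed part of the line: relay name, session, rule label, client -> target, reason.
LINE_RE = re.compile(
    r"relayd\[\d+\]: relay (?P<relay>[^,]+), session (?P<session>\d+) "
    r"\(\d+ active\), (?P<label>[^,]+), (?P<client>\S+) -> (?P<target>[^,]*), "
    r"(?P<reason>[^,]+), (?P<rest>.*)$"
)
# "[Name: value]" fragments appended for each logged header.
HDR_RE = re.compile(r"\[([A-Za-z][A-Za-z0-9-]*): ([^\]]*)\]")
BRACKET_RE = re.compile(r"\[([^\]]*)\]")
METHOD_RE = re.compile(r"\]\s*(\S+)\s*$")


def parse_relayd_line(line):
    """Return a dict for one relayd request log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rest = m.group("rest")
    headers = {name.lower(): value for name, value in HDR_RE.findall(rest)}
    # The URL is the bracketed item that is not a "Name: value" header.
    non_headers = [b for b in BRACKET_RE.findall(rest) if not HDR_RE.fullmatch("[" + b + "]")]
    mm = METHOD_RE.search(rest)
    return {
        "relay": m.group("relay"),
        "session": int(m.group("session")),
        "label": m.group("label"),
        "client": m.group("client"),
        "reason": m.group("reason"),
        "host": headers.get("host"),
        "user_agent": headers.get("user-agent"),
        "url": non_headers[-1] if non_headers else None,
        "method": mm.group(1) if mm else None,
    }


def normalize_host(host):
    """Lower-case, drop a :port suffix (IPv6 literals are bracketed) and a trailing dot."""
    h = host.strip().lower()
    if h.startswith("["):
        end = h.find("]")
        h = h[1:end] if end != -1 else h
    elif h.count(":") == 1:
        h = h.split(":", 1)[0]
    return h.rstrip(".")


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def classify(host, allowed):
    """allowed is a set of already-normalized hostnames the server really serves."""
    n = normalize_host(host)
    if n in allowed:
        return "allowed-variant"   # only case, port or trailing dot differ from the configured name
    if is_ip_literal(n):
        return "ip-literal"        # request addressed the box by IP, typical of scanners
    return "unrelated-host"        # a name this server does not serve at all


def summarize(log_text, allowed_hosts, label="relayd-bad-host"):
    """Parse every line carrying the given rule label and tally by class, client and host."""
    allowed = {normalize_host(h) for h in allowed_hosts}
    entries = [e for e in map(parse_relayd_line, log_text.splitlines()) if e and e["label"] == label]
    by_class, by_client, by_host = Counter(), Counter(), Counter()
    for e in entries:
        e["class"] = classify(e["host"], allowed) if e["host"] else "no-host"
        by_class[e["class"]] += 1
        by_client[e["client"]] += 1
        if e["host"]:
            by_host[normalize_host(e["host"])] += 1
    return {"entries": entries, "by_class": by_class, "by_client": by_client, "by_host": by_host}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, ["www.example.org"])  # served name is an assumption
    for e in report["entries"]:
        print(f'{e["client"]:<16} {e["class"]:<16} Host={e["host"]!r} UA={e["user_agent"]!r}')
    print(dict(report["by_class"]))
```

Run it over a real relayd log with the hostname you actually serve in place of www.example.org. The "unrelated-host" and "ip-literal" buckets are the noise the rule is meant to drop; anything landing in "allowed-variant" is worth a second look, since it means a request for your own name was rejected only because of case, a :443 suffix or a trailing dot.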
