问 HN:来自 Googlebot 的奇怪流量
1 分•作者: sugarpimpdorsey•10 个月前
我一直在分析服务器日志,注意到一些来自 Google 的流量存在异常。我已验证了 ASN 和反向 DNS。一切都正常。<p>每个 Googlebot 请求都带有一个伪造或虚假的 HTTP Host: 标头,通常填充着一些我从未听说过的随机第三世界网站。Referer 也是伪造的,通常指向伪造的 Host: 标头域上的一个页面。<p>这是否是 Googlebot 中的某个编码错误,或者他们正在检查我不太理解的 SSRF 漏洞?
查看原文
I've been analyzing server logs and noticed some oddities with traffic originating from Google. I did verify the ASN and reverse DNS. Everything checks out.<p>Every Googlebot request has a forged or bogus HTTP Host: header, usually populated with some random third-world site I've never heard of. The Referer is likewise forged, and usually points to a page on the bogus Host: header domain.<p>Is this some coding bug in Googlebot or are they checking for some SSRF exploit I don't quite understand?