Ask HN: Unusual traffic from Googlebot
I've been analyzing server logs and noticed some oddities with traffic originating from Google. I did verify the ASN and reverse DNS. Everything checks out.

Every Googlebot request has a forged or bogus HTTP Host: header, usually populated with some random third-world site I've never heard of. The Referer is likewise forged, and usually points to a page on the bogus Host: header domain.

Is this some coding bug in Googlebot or are they checking for some SSRF exploit I don't quite understand?
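An added example, not part of the original post: one way to pull the pattern described above out of an access log, flagging requests whose Host header names a site the server does not serve and noting whether the Referer points at that same name. The log layout, the `SERVED_HOSTS` set and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the hostnames this server legitimately serves (placeholders).
SERVED_HOSTS = {"example.org", "www.example.org"}

# Assumed log layout: ip "Host header" "request line" status "referer" "user agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<host>[^"]*)" "(?P<request>[^"]*)" (?P<status>\d{3}) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges, reserved domains).
SAMPLE_LOG = """\
192.0.2.10 "www.example.org" "GET / HTTP/1.1" 200 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.11 "unrelated-site.example" "GET /page HTTP/1.1" 200 "http://unrelated-site.example/index.html" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.12 "other.example:80" "GET /a HTTP/1.1" 404 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 "example.org" "GET /b HTTP/1.1" 200 "https://example.org/" "Mozilla/5.0 (X11; Linux x86_64)"
not a log line
"""

def normalize_host(value):
    """Lowercase a Host value and drop any port and trailing dot."""
    host = value.strip().lower()
    if host.startswith("["):            # IPv6 literal such as [::1]:8080
        return host.split("]")[0] + "]"
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")

def find_host_mismatches(log_text, served_hosts=SERVED_HOSTS):
    """Return one finding per request whose Host header is not a served name."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue                    # line does not fit the assumed layout
        host = normalize_host(m["host"])
        if host in served_hosts:
            continue
        referer_host = normalize_host(urlsplit(m["referer"]).netloc)
        findings.append({
            "line": lineno, "ip": m["ip"], "host": host,
            "status": int(m["status"]),
            "referer_matches_host": bool(referer_host) and referer_host == host,
            "claims_googlebot": "googlebot" in m["ua"].lower(),
        })
    return findings

if __name__ == "__main__":
    for finding in find_host_mismatches(SAMPLE_LOG):
        print(finding)
```

A 200 status on a flagged line means the default virtual host answered for a name the server does not own.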