On 9/2/25 06:34, Stuart Henderson wrote:
On 2025-09-01, J Doe <[email protected]> wrote:
Periodically I will see Host headers being rejected for other websites
that are not related to the web server I run. For example:
Aug 31 09:26:08 server relayd[93775]: relay https, session 337 (1
active), relayd-bad-host, 66.249.66.13 -> :0, Forbidden, *[Host:
tiras-knusel.offqgikfltggmflnxgrwvpduvkh.org]* [User-Agent: Mozilla/5.0
(compatible; Googlebot/2.1; +http://www.google.com/bot.html)]
[tiras-knusel.offqgikfltggmflnxgrwvpduvkh.org/robots.txt] GET
In this case, the IP matches the UA and it appears to be GoogleBot doing
this, but other times it will come from other, seemingly random hosts
that are not crawlers.
My question is: do people pass different Host values to reverse proxies
hoping to be connected to them (proxying through) ?
yes; looking for open reverse-proxies (search term: "domain fronting")
Hi Stuart,
Ah, interesting! The overview on Wikipedia was helpful - thanks.
A side question - are IPv4/IPv6 addresses in the header only from bots
(ie: Host: 1.2.3.4) ?
There aren't any human clients (web browsers), that use the numerical
form of the server address in the Host header are there ?
- J
