Hi, I use relayd on OpenBSD 7.7 to protect a small web server.
One of the rules I have in my relayd.conf is a restriction on the HTTP Host header. I restrict this to the host name of the web server and all other Host values are rejected.
Periodically I will see Host headers being rejected for other websites that are not related to the web server I run. For example:
Aug 31 09:26:08 server relayd[93775]: relay https, session 337 (1 active), relayd-bad-host, 66.249.66.13 -> :0, Forbidden, *[Host: tiras-knusel.offqgikfltggmflnxgrwvpduvkh.org]* [User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)] [tiras-knusel.offqgikfltggmflnxgrwvpduvkh.org/robots.txt] GET
In this case, the IP matches the UA and it appears to be Googlebot doing this, but other times it will come from other, seemingly random hosts that are not crawlers.
My question is: do people pass different Host values to reverse proxies hoping to be connected to them (proxying through)? If that is not the case, can someone please explain to me why this shows in my logs? I am aware that relayd is protecting me from this, but I am curious as to why people would do it.
Thanks, - J
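
As an added example (not part of the original post), here is a small parser for the relayd log line quoted above that groups rejected Host values by source address and marks each as an IP literal or a name. The field layout is inferred from that one line, the last three sample lines are constructed, and `parse`, `host_kind` and `summarize` are names chosen here.

```python
import ipaddress
import re
from collections import defaultdict

# First line is the entry quoted in the post; the other three are constructed.
SAMPLE = [
    "Aug 31 09:26:08 server relayd[93775]: relay https, session 337 (1 active), relayd-bad-host, 66.249.66.13 -> :0, Forbidden, *[Host: tiras-knusel.offqgikfltggmflnxgrwvpduvkh.org]* [User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)] [tiras-knusel.offqgikfltggmflnxgrwvpduvkh.org/robots.txt] GET",
    "Aug 31 10:02:41 server relayd[93775]: relay https, session 352 (1 active), relayd-bad-host, 192.0.2.44 -> :0, Forbidden, [Host: 203.0.113.10] [User-Agent: curl/8.0] [203.0.113.10/] GET",
    "Aug 31 10:02:43 server relayd[93775]: relay https, session 353 (1 active), relayd-bad-host, 192.0.2.44 -> :0, Forbidden, [Host: other.example] [other.example/] GET",
    "Aug 31 10:05:00 server sshd[123]: unrelated line",
]

# Field layout inferred from the single quoted line (an assumption, not a documented format).
LINE = re.compile(
    r"relayd\[\d+\]: relay (?P<relay>[^,]+), session (?P<session>\d+) \([^)]*\), "
    r"(?P<label>[^,]+), (?P<src>\S+) -> (?P<dst>[^,\s]*), (?P<status>[^,]+), (?P<rest>.*)$"
)
HEADER = re.compile(r"\[([A-Za-z-]+): ([^\]]*)\]")  # [Name: value], not the [host/path] field

def parse(line):
    """Return the fields of a relayd session log line as a dict, or None if it is not one."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["headers"] = {k.lower(): v for k, v in HEADER.findall(rec.pop("rest"))}
    return rec

def host_kind(value):
    """Classify a Host value as 'ip-literal' or 'name', ignoring any port."""
    if value.startswith("["):  # bracketed IPv6, e.g. [2001:db8::1]:443
        host = value[1:].split("]", 1)[0]
    else:
        host = value.split(":", 1)[0] if value.count(":") == 1 else value
    try:
        ipaddress.ip_address(host)
        return "ip-literal"
    except ValueError:
        return "name"

def summarize(lines, label="relayd-bad-host"):
    """Group rejected Host values by source address: {src: {(host, kind), ...}}."""
    by_src = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec and rec["label"] == label:
            host = rec["headers"].get("host", "")
            by_src[rec["src"]].add((host, host_kind(host)))
    return dict(by_src)
```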

