ASP.NET 健康监控事件中的异常请求 URL
我在 ASP.NET 运行状况监控电子邮件的请求信息部分中看到了一个相当奇怪的情况,我希望有人能够提供一些线索。这是一个面向公众的网站,在印度托管提供商的基础设施上运行。健康监控通过自动电子邮件通知我们服务器错误,但请求的 URL 有时会显示为完全不同的网站。例如:
Request information:
Request URL: http://www.baidu.com/Default.aspx
Request path: /Default.aspx
User host address: 221.13.128.175
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\NETWORK SERVICE
显然该网站不是百度,显然该属性也不是referrer; “Request URL”值是生成错误的路径。 IP 地址位于北京(巧合的是百度地址?),在这种情况下,SQL Server 后端看起来无法访问(出于安全考虑,我没有包含完整的错误消息)。
什么会导致请求 URL 属性被任意更改为其他站点的属性?我以前从未在健康监测事件中见过这种情况。谢谢!
编辑:对于那些不熟悉百度的人来说,这是中国最大的搜索引擎,并且绝对不会在与该特定站点相同的印度基础设施上运行。
I’m seeing a rather strange occurrence in the request information section of an ASP.NET health monitoring email I hope someone can shed some light on. This is a publicly facing website which runs on infrastructure at an Indian hosting provider. Health monitoring is notifying us of server errors via automated email but every now and then the requested URL appears as a totally different website. For example:
Request information:
Request URL: http://www.baidu.com/Default.aspx
Request path: /Default.aspx
User host address: 221.13.128.175
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\NETWORK SERVICE
Obviously the site in question is not Baidu and obviously this attribute is not the referrer either; the “Request URL” value is the path which has generated the error. The IP address is located in Beijing (coincidental given the Baidu address?) and in this instance it looks like the SQL server backend was not accessible (I haven't included the entire error message for security's sake).
What would cause the request URL attribute to be arbitrarily changed to that of another site? I’ve never seen this occur in a health monitoring event before. Thanks!
Edit: For those not familiar with Baidu, it's China's largest search engine and is absolutely, positively not running on the same Indian infrastructure as this particular site.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可以通过更改主机文件以在服务器的 IP 地址处包含 www.baidu.com 的条目,然后请求 http://www.baidu.com/Default.aspx。
如果 IIS 中的 HostHeaders 为空,那么它可能最终会出现在默认网站上。这可能与您通常的网站不同,后者可能会解释您收到的 SQL 错误消息。
我不确定为什么有人会这样做。也许某个地方出现了无辜的 DNS 错误,或者是一个写得不好的机器人?
You can cause this to happen by changing your hosts file to include an entry to www.baidu.com at your server's IP address then requesting http://www.baidu.com/Default.aspx.
It would presumably end up at the default website if the HostHeaders in IIS for this are blank. This may be different from your usual website which might explain the SQL error message you were getting.
Why someone would do this I'm not sure. Maybe an innocent DNS error somewhere or a badly written bot?