x.x.x.x - - [10/Nov/2024:00:02:37 +0000] "GET / HTTP/1.1" 301 162 "-" "okhttp/4.9.0"
You know what’s interesting about this log line? It repeats 56,686,963 times in www.kernel.org logs for yesterday, across 4 nodes. That’s about 700 times a second, and this has been going on for months.
These requests aren’t intentionally malicious – they issue a simple GET /, receive their 301 redirect, and terminate the connection. From what I can tell, this is some kind of appliance or software installed on mobile clients that uses “can I reach www.kernel.org” as a network test.
This wouldn’t be that big of a deal – a single plaintext “GET /“ that triggers an immediate 301 is very cheap for us to generate, but the number of these requests has been steadily growing.
If you have any idea what this is and how to make it stop, please reach out?