favicon.ico in referer field in access.log

archygriswald

12/19/23, 3:42 PM

There is this line in my nginx access.log:

54.201.239.190 - - [18/Dec/2022:22:34:56 +0100] "GET / HTTP/1.1" 200 64 
"http://example.com/favicon.ico" "Mozilla/5.0 (X11; Linux x86_64) ..."

Simple question: Can anybody think of a way that a "favicon.ico" can appear in the referer of a legitimate get request???

(the IP is from AWS, so it should be a script. My guess is that this is a test to check if my site responds differently when a referer is set. There are 2 more log entries from AWS IPs right before this one without a referer)

0 + 1

log-files

scraping

attacks

diya

12/19/23, 5:23 PM

In theory that might be the result of an add blocker or privacy extension that generates a self referential Referer header using your own domain rather than outright suppressing the Referer header completely. IIRC normally browser in incognito/anonymous mode reduce the referer to only the domain name rather than using `example.com/favicon.ico` though

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: favicon.ico in referer field in access.log

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.