In my logs, I have tens of thousands of lines such as this one:
Nov 8 23:33:00 server-1 haproxy[30937]: 96.241.55.138:64745 [08/Nov/2020:23:33:00.312] HTTP/3: SSL handshake failure
Lines such as these are created around thirty times per second. There are probably thirty or forty IP addresses (mostly IPv6 addresses) trying and failing endlessly. If I run a tail -f
on the log file, and grep
the IP, it streams like the matrix. Unlike all the successful requests in the logs, every single entry says either HTTP/3
or HTTP/4
.
This doesn’t seem to be a real problem, because not a single person has had any issues using any of the sites we host. But it’s annoying because, when I filter the logs through GoAccess, it shows tens of millions of “failed requests.” Does anyone know what’s happening here? Is it bots? Is it an attempt to tie up the server? Is it a few real devices retrying automatically? I’ve looked through the existing topics on this error on this forum but nothing seemed to answer these questions.
Thanks!