XF 2.2 10,000s of daily requests to "forum/login/keep-alive"

[sross]

- - [26/Jan/2024:07:03:51 -0500] "POST /forum/login/keep-alive HTTP/2.0" 200 175

I am getting these every 1-2 seconds. I've never seen this before so am wondering if anyone knows what this might be. The IP in the logs is different for each request. It is skewing my webstats by saying /forum/login/keep-alive in getting 100,000s of visits. Any ideas? Thanks!

 

[JustinHawk]

I am getting these ever 1-2 seconds. I've never seen this before so am wondering if anyone knows what this might be. The IP in the logs is different for each request. It is skewing my webstats by saying /forum/login/keep-alive in getting 100,000s of visits. Any ideas? Thanks!

Are you using https://xenforo.com/community/resources/digitalpoint-app-for-cloudflare®.8750/ ? I think that addon makes that request. Not 100% sure, check with developer of the addon.

 

[sross]

I tried cloudflare years ago, and don't think I ever installed this app and have no reference to the app in my addons.

 

[sross]

Only reference I see is here. Someone mentioned people have the site open in a tab and the session is kept alive? But why recount it as a new visit? Not sure if there is much that can be done about it.

 

[JustinHawk]

Not sure if there is much that can be done about it.

Are you facing any issue due to this?

I also checked on one of the website that i manage and we also have about 152K requests for same.

 

[sross]

Are you facing any issue due to this?

I also checked on one of the website that i manage and we also have about 152K requests for same.
View attachment 297235

It does seem to have been going on a while the more I look and I guess it is a normal part of the system. I should probably trust google analytics instead of server stats.

 

[digitalpoint]

Are you using https://xenforo.com/community/resources/digitalpoint-app-for-cloudflare®.8750/ ? I think that addon makes that request. Not 100% sure, check with developer of the addon.

It doesn’t any longer. It used to in order to refresh the CSRF token, but it’s since been changed so CSRF tokens aren’t used (replaced with http headers that all browsers support now).

That being said, the request to keep-alive is a normal part of how XenForo works. Browsers make the request once in awhile to get new CSRF tokens and update things like alert/conversation counters.

 

[JustinHawk]

It does seem to have been going on a while the more I look and I guess it is a normal part of the system. I should probably trust google analytics instead of server stats.

If your main concern is analyzing statistics, then Google Analytics or any other analytics system would be the better choice. However, if you're interested in identifying potential issues or patterns of attack, then it's best to concentrate on server statistics. I've had the opportunity to work on a website where unique attack patterns were employed to bring it down, and it was quite fun to uncover the unseen.

 

[dougdirac]

Would it break anything to put a Cloudflare managed captcha on that page?

 

[Jeremy P]

Probably yeah. It's requested over AJAX so the contents are never rendered in a browser for normal users.

 

[digitalpoint]

Definitely would be a problem.