XF 2.2 10,000s of daily requests to "forum/login/keep-alive"

sross

Active member
- - [26/Jan/2024:07:03:51 -0500] "POST /forum/login/keep-alive HTTP/2.0" 200 175

I am getting these every 1-2 seconds. I've never seen this before so am wondering if anyone knows what this might be. The IP in the logs is different for each request. It is skewing my webstats by saying /forum/login/keep-alive in getting 100,000s of visits. Any ideas? Thanks!
 
Only reference I see is here. Someone mentioned people have the site open in a tab and the session is kept alive? But why recount it as a new visit? Not sure if there is much that can be done about it.
 

Attachments

  • Screenshot 2024-01-27 at 9.05.21 PM.webp
    Screenshot 2024-01-27 at 9.05.21 PM.webp
    51.3 KB · Views: 25
Are you using https://xenforo.com/community/resources/digitalpoint-app-for-cloudflare®.8750/ ? I think that addon makes that request. Not 100% sure, check with developer of the addon.
It doesn’t any longer. It used to in order to refresh the CSRF token, but it’s since been changed so CSRF tokens aren’t used (replaced with http headers that all browsers support now).

That being said, the request to keep-alive is a normal part of how XenForo works. Browsers make the request once in awhile to get new CSRF tokens and update things like alert/conversation counters.
 
It does seem to have been going on a while the more I look and I guess it is a normal part of the system. I should probably trust google analytics instead of server stats.
If your main concern is analyzing statistics, then Google Analytics or any other analytics system would be the better choice. However, if you're interested in identifying potential issues or patterns of attack, then it's best to concentrate on server statistics. I've had the opportunity to work on a website where unique attack patterns were employed to bring it down, and it was quite fun to uncover the unseen.
 
Back
Top Bottom