Unknown clients keep requesting the "kong" host

[matribots]

Hello , I have met a strange problem recently: Unknown clients keep requesting the "kong" host rapidly, but I didn't configure the "kong" host in the kong. Here are the access logs in json format:

The kong version is 1.4.3 and I have walked through the offical doc, Google, Stackoverflow but still have no idea.

Had anybody met the problem or maybe I missed something? Please help🙏🙏🙏.

[kikito]

Hello @caolijun1166, the first thing that draws my attention is that your kong version (1.4.3) is very old. A lot of problems on previous versions of the software have been solved in more modern versions. It might be that your problem gets solved by simply upgrading. That said, the second thing that is a bit surprising is that your logs don't seem to include any IP or port:

client_ip: "",
client_port: "",

This makes me think that there is something wrong in your log configuration options. I would recommend leaving the default options for a while (even if you don't get JSON logs for those requests, you might get their IPs). Once you make the unknown clients "known" (by knowing their IP/Port) you can start thinking about solutions.

Depending on what you see, you might decide to start using the IP restriction plugin. Another option might be setting a Service for the kong host and putting the Request Termination plugin on it.

In short:

• Update to the latest Kong version you can
• Get the IP/Ports of the troublesome consumers
• Once you have the consumer data, decide what to do, for example IP restriction or Request Termination.

[matribots]

Finally I found the cause! That was caused by Ali SLB health check probe! And thank you for your suggestion, this Kong version is really very old. But this version is still running on our production env now with cluster mode, maybe I have to do more investigation before doing upgrade. 🤦‍♂️

[kikito]

I am glad you found the problem, yes consider upgrading!