问题
I've noticed that when users on Android-OS devices visit my site, there's constantly two requests happening on each page. The first is the normal browser, and the second is from "Dalvik". Example:
"GET / HTTP/1.1" 200 2126 "-" "Mozilla/5.0 (Linux; Android 5.0.2; SAMSUNG SM-G925F/G925FXXU1AOD8 Build/LRX22G) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/3.0 Chrome/38.0.2125.102 Mobile Safari/537.36" 1229 2802
"GET / HTTP/1.1" 200 2117 "-" "Dalvik/2.1.0 (Linux; U; Android 5.0.2; SM-G925F Build/LRX22G)" 546 8729
From my understanding of this, the first request is from the actual browser, and the other is from the virtual machine (Dalvik) running the browser. The problem is that the Dalvik request doesn't use the same cookies, and/or POST data, and this triggers errors server side. An example would be when a user registers an account. The normal browser sends through POST data, but the Dalvik request just does a GET on the action url. Similarly, if a user is logged in, Dalvik will try a GET on a permission based page, which may redirect it somewhere else because there's no session for it.
The user doesn't experience any real problems (from what I can tell), however, we notice the attempts in our error logging. So my question is: Can I safely block all access attempts if the browser agent indicates "Dalvik/..*"? Will there be any adverse affects for the user? Considering that the Dalvik-related requests aren't actually reposting the real data or carrying a session, it seems unlikely. But hoping someone with more experience with Android can provide some feedback on it, for example, should I issue a specific HTTP header/status code, like "401 Unauthorized" or "400 Bad Request"?
Any help would be appreciated.
回答1:
This is the Linux shell for Samsung phones. My OS is listed as "Linux 3.4.0-7500527 (Dalvik 2.1.0)" and it's a Samsung Galaxy S5. Could you set up a duplicate of your site (even minimal) with the gets receiving a 501, perhaps? With that, it should be easy to find out.
来源:https://stackoverflow.com/questions/38223027/can-i-safely-block-dalvik-browser-agent-requests