1

A significant fraction of the requests to my webserver over the last few months are from a single user requesting /favicon.ico:

# tail -n 3 access_log 
XXX - - [24/Jan/2021:17:40:18 +0000] "GET /favicon.ico HTTP/1.1" 200 1845 "-" "WidgetKitExtension/3279 CFNetwork/1209 Darwin/20.2.0" "-"
XXX - - [24/Jan/2021:17:41:22 +0000] "GET /favicon.ico HTTP/1.1" 200 1845 "-" "WidgetKitExtension/3279 CFNetwork/1209 Darwin/20.2.0" "-"
XXX - - [24/Jan/2021:17:41:25 +0000] "GET /favicon.ico HTTP/1.1" 200 1845 "-" "WidgetKitExtension/3279 CFNetwork/1209 Darwin/20.2.0" "-"

(I've censored the IP address.) This is a legitimate user, with occasional human requests (with a different user agent and over http/2) to the site. The most recent human visit was several weeks ago, but the /favicon.ico requests continue unabated, on average four times an hour but often every few minutes or seconds, as seen above. In particular, the favicon.ico requests are not associated with requests to any other resources on the site. I don't know if it's relevant, but the favicon is being served over https (I believe there are no corresponding http requests) and appears to be compressed, as favicon.ico.gz is 1599 bytes.

In searching I've seen a variety of other questions about all sorts of weird favicon.ico request patterns but nothing that explains favicon.ico requests in absence of ordinary web requests.

What could be responsible for these excessive requests? I assume it is some kind of configuration problem by the user agent, but is there some change in server configuration I can do to persuade the user agent to cache the favicon? The server is using nginx. Thanks.

anon novice
  • 13
  • 2

1 Answers1

0

Obviously, it's done by a "WidgetKitExtension/3279" , which is a kind of widgetkit installed on the MacOS of the user. Now the main problem is to figure out how to solve your problem:

  • Contact the author of the Widget and ask him to optimize it by increasing the time between the requests
  • Think about a caching service like Redis , that will have the file in memory

If your website is hosted on Linux - the file should already be cached and then you won't need Redis. Yet, you can try to add "expires" directive .

hunter86_bg
  • 72
  • 3
  • Thanks, I added "expires" directive, and content now has an appropriate "expires" header with a date in the future. The favicon requests continue, now 71 bytes larger, indicating the header is being served to the user. I guess I cannot control the misbehaving application server-side. – anon novice Jan 24 '21 at 21:06
  • At least you have reduced the ammount of traffic generated from the client. The only option that comes to my mind is to use some kind of "fail2ban" or firewall options to rate-limit the client's request count. – hunter86_bg Jan 25 '21 at 12:51
  • There's been no reduction in traffic from the client. I've learned that the application may be the "most visited" sites homepage in Firefox, which apparently requests favicons every time it is loaded regardless of cache. – anon novice Jan 25 '21 at 15:19