1

On my website, we log user IPs to ensure we're able to properly moderate and prevent abuse.

We are aware of Proxies, such as Opera VPN, Tor, and others.

However, I am not aware of Google itself having a Proxy, other than the "Data Saver" functionality.

Some users are coming to my website with IPs such as:

66.102.8.219
66.249.91.121

There are a lot more IPs. These IPs are owner by AS15169 Google LLC and have these hostnames:

rate-limited-proxy-66-249-91-121.google.com
google-proxy-66-102-8-219.google.com

As per this page, https://developers.chrome.com/multidevice/data-compression
The header X-Forwarded-For will be present with the user's real IP.
And we do look into this header.

However, when I dump the headers when users come with the IPs above, this header is not present, and there's no other header with the user's IP, at all.

Plus, as per this page, https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control

The [Cache-Control] no-transform directive is redundant for content served over HTTPS, because proxies can not transform payloads over secure connections.

Therefore, I don't think the IPs above have to do with Data Saver functionality, because my website is fully SSLed.

-

What do you think these users are using in order to hide their real IP?

Nuno
  • 461
  • 1
  • 5
  • 23

1 Answers1

0

Read the user agent, its probably one of the Googlebots crawling. If you don't want to be indexed set robots.txt, they are well behaved.

On Google webmaster help, reference:

Edit: if it isn't a crawler, it may be an attempt to use various Google services as a proxy. Many theories over at webmasters.se over the years, nothing conclusive: Is this Google proxy a fake crawler: google-proxy-66-249-81-131.google.com?

Whatever it is, decide if these agents are abusing your system. Block, rate limit, and try robots.txt anyway to see if they behave like a bot.

John Mahowald
  • 30,009
  • 1
  • 17
  • 32
  • Definitely not the crawler. It is my users visiting the website, using the same cookies and sessions as when they are on their real IP, on their Google Chrome on Windows 7 or 10 (just checked some of the header dumps). – Nuno Mar 27 '19 at 07:01
  • Then decide if these are abusive and if so do something about it. Webmaster forums have been several theories about this DNS pattern but nothing conclusive. My edit a link to webmasters.SE for some context. – John Mahowald Mar 27 '19 at 12:28
  • This can be Gmail as well. I see requests from Google's `rate-limited-proxy` after we send mass mailing. – Nowaker Dec 07 '20 at 18:43