My money, in this case, is something like Akamai Kona or Shape Security, that does bot blocking. Comparing user-agent against known header order for that specific user-agent sounds like something they would do.
I'm asking because I've been running a web crawler for years now, and in the past week, I have noticed that the crawler is being rejected in more websites then usual.
15 comments
[ 3.4 ms ] story [ 45.7 ms ] threadMy guess is a single site that was getting DDoS'd added this as an attack signature and forgot about it.
$ URL=http://www.akamai.com
$ UA="User-Agent: Mozilla/5.0 My API Client"
$ ACCEPT="Accept: /"
$ curl -v -H "$UA" -H "$ACCEPT" $URL
< HTTP/1.1 301 Moved Permanently
< Content-Length: 0
< Location: https://www.akamai.com
< Date: Tue, 02 May 2017 14:46:59 GMT
< Connection: keep-alive
I'm asking because I've been running a web crawler for years now, and in the past week, I have noticed that the crawler is being rejected in more websites then usual.
Most libraries use an undefined order. This is not the same as random.
This is actually a report of two bugs:
1- the standard doesn't require an order
2 - the IETF's admonition that you be liberal in what you accept.