I just noticed a similar pattern of User-agents for back to back requests. In my case, the first request (with the Mozilla User agent) was from an embedded webview. The requested URL was to download a PDF file. What I've found is that the Android webview cannot handle the PDF content type, so it launches a PDF viewer through an intent. However, before this viewer is launched Android makes a second request for the same URL. In the second request, the Dalvik user agent is presented.

我刚刚注意到一种类似的用户代理模式用于背靠背请求。就我而言，第一个请求（使用 Mozilla 用户代理）来自嵌入式 web 视图。请求的 URL 是下载 PDF 文件。我发现 Android webview 无法处理 PDF 内容类型，因此它通过意图启动 PDF 查看器。但是，在此查看器启动之前，Android 会针对同一 URL 发出第二次请求。在第二个请求中，显示了 Dalvik 用户代理。

The two request strangeness has been discuss before, see Is setDownloadListener onDownloadStart called after the webview already Gets the file?and WebView - can't download file without requesting it twice?.

这两个请求的怪异之前已经讨论过了，见webview已经获取文件后调用setDownloadListener onDownloadStart吗？和WebView - 不能在没有请求两次的情况下下载文件？.

In my first request, from the webview, I see the user agent:

在我的第一个请求中，从 webview 中，我看到了用户代理：

Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; Galaxy Nexus Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30

Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; Galaxy Nexus Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30

The second request (which I assume is from the Android OS, and not the webview) shows the user agent:

第二个请求（我假设来自 Android 操作系统，而不是 webview）显示了用户代理：

Dalvik/1.6.0 (Linux; U; Android 4.2.2; Galaxy Nexus Build/JDQ39)

Dalvik/1.6.0（Linux；U；Android 4.2.2；Galaxy Nexus Build/JDQ39）

• Dalvik is the Android VM in which individual apps run.
• What you're seeing is the request header from a browser running in Android (which runs within Dalvik).
• Hence the two UA (User Agent) strings, one for the browser, one for the VM in which it's running.

• Dalvik 是运行单个应用程序的 Android VM。
• 您看到的是来自在 Android 中运行的浏览器（在 Dalvik 中运行）的请求标头。
• 因此有两个 UA（用户代理）字符串，一个用于浏览器，一个用于运行它的 VM。

I've been seeing a rapidly increasing incidence of simultaneous GET requests with this profile on streaming servers in the past 6 months, but going back a few years with much lesser volume. It was easy to ignore them at first. The client pumps many simultaneous requests (I see 60-80 typically), and then it appears the client runs out of bandwidth; requests stall, subside, and then re-emerge. This goes on for several minutes. If multiple attacks of this sort were launched from different IPs on different Eyeball networks, it would start to qualify as a DDoS attack in my book.

在过去的 6 个月里，我看到在流服务器上使用此配置文件同时 GET 请求的发生率迅速增加，但几年前的数量要少得多。一开始很容易忽略它们。客户端同时发送许多请求（我通常看到 60-80），然后客户端似乎用完了带宽；请求停止，消退，然后重新出现。这会持续几分钟。如果这种类型的多次攻击是从不同 Eyeball 网络上的不同 IP 发起的，那么在我的书中，它就会开始被视为 DDoS 攻击。

Because the sources are on eyeball networks with ever changing IP's (over time, but not during an attack), using IP blocking is of limited effectiveness, and blocks need to be aged-out so they don't affect legitimate users.

由于来源位于 IP 不断变化的眼球网络上（随着时间的推移，而不是在攻击期间），使用 IP 阻止的效果有限，并且阻止需要老化，以免影响合法用户。

Your observation that cookies are not observed in any way would seem to lend weight to the possibility that these are malicious requests.

您对 cookie 未以任何方式观察到的观察似乎加重了这些是恶意请求的可能性。

In conclusion, to answer your question simply, yes, you can block these requests, especially since you have evidence that these may be malicious requests (that have been rising steadily since your post in my experience). You may, of course, be blocking legitimate requests. That's your call. You'll also have to deal with howto block them, since in my experience they originate mostly from DHCP leased addresses on eyeball networks.

总之，简单地回答您的问题，是的，您可以阻止这些请求，特别是因为您有证据表明这些请求可能是恶意请求（根据我的经验，自您的帖子以来一直在稳步上升）。当然，您可能会阻止合法请求。那是你的电话。您还必须处理如何阻止它们，因为根据我的经验，它们主要来自眼球网络上的 DHCP 租用地址。

See also: Can I safely block Dalvik browser agent requests?

另请参阅：我可以安全地阻止 Dalvik 浏览器代理请求吗？