Skip to content

m3: Update Caddyfile.j2, 400 for non-expected host headers#416

Open
mcint wants to merge 1 commit into
masterfrom
mcint/m3-http-400
Open

m3: Update Caddyfile.j2, 400 for non-expected host headers#416
mcint wants to merge 1 commit into
masterfrom
mcint/m3-http-400

Conversation

@mcint

@mcint mcint commented Sep 28, 2025

Copy link
Copy Markdown
Contributor

Dealing with requests like these, that scan for secrets and don't even present a knowledgable Host header, just the IP.

Response includes a clear reason, so it won't be mysterious to users.

Sep 27 15:27:21 m3.noisebridge.net caddy[2614044]: {"level":"info","ts":1759012041.31485,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"78.153.140.2
03","remote_port":"50716","client_ip":"78.153.140.203","proto":"HTTP/1.1","method":"GET","host":"216.252.162.220","uri":"/core/.env","headers":{"Accept":["*/*"],"User-Agent":["
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.2.1"]}},"bytes_read":0,"user_id":"","duration":0.000039692,"size":0,"status":308,"resp_headers
":{"Server":["Caddy"],"Connection":["close"],"Location":["https://216.252.162.220/core/.env"],"Content-Type":[]}}

@SuperQ SuperQ left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interesting, very weird.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants