fail2ban + Caddy with JSON logs

Hi! I’m running Caddy and saving access logs to disk in the JSON format. I want to integrate fail2ban to block bots trying /wp-login.php and other known URLs, and I couldn’t find much about how to make fail2ban read Caddy’s logs. This is a hack that I quickly came up with, barely tested, but I managed to make it work:

/etc/fail2ban/filter.d/caddy-forbidden.local:

    [Definition]
    failregex = "client_ip":"<HOST>"(.*)"status":403
    datepattern = "ts":<DATE>\.
    ignoreregex =

Append to /etc/fail2ban/jail.local: ...

September 10, 2023

Understanding Go URL handling

Hi. A couple of years ago I “took inspiration” for an HTTP reverse proxy in Go from Stack Overflow without putting too much thought into it, and this week it came back to bite me. A co-worker found out that it was normalising some URLs (/something//else will 301-redirect to /something/else) against their will. So I decided to take the opportunity to understand better how net/http handles URLs, and here are my findings. ...

March 24, 2023

Magento: frontend and admin routes conflict

Today I was working on a third-party module. Something very simple, an AJAX Add to Cart button. But when I requested http://.../ajaxcart/cart/add, I got a 302 HTTP status, that is, a redirect to the same requested URL, but in secure mode (HTTPS). After debugging, I could see that the controller wasn’t being called, so I tried to find a configuration problem. The Administration Panel was configured to be served over HTTPS (Configuration > General > Web > Secure > ???), and when I removed this option, everything worked as expected. ...

June 6, 2014