How to abort or 403 sub-subdomains with a wildcard?

You’re supposed to reject those domains on your ask endpoint. Are you not doing that? You should only allow known domains, you should never blanket allow domains.

The whole point of ask is to avoid a DDoS vulnerability. If you allow all domains (or most including unknown domains), then you’re issuing certificates for each of those. That means doing cert issuance with an ACME issuer. That’s relatively expensive in terms of time and storage, and you may hit rate limits, or run out of storage entirely if an attacker decides to make requests enumerating domains ad infinitum.

After you fix that, make sure to delete the certificates for domains you don’t want from Caddy’s storage, then restart Caddy; otherwise it’ll continue to serve requests for those domains because the TLS handshake would succeed.

That’s the way to do it. Just write a regexp matching Host to reject those requests.

But like I said, that’s the wrong place to solve this, because the TLS handshake should have failed before even reaching HTTP routes.
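To make the advice above concrete, here is an added example of an ask endpoint written in Go. It is not code from this thread or from the Caddy project. The allowlist, the policy (a name is allowed only if it is a known base domain or exactly one label below one, so sub-subdomains like a.b.example.com are refused), the listen address 127.0.0.1:9123 and the /ask path are all assumptions for the example; the request shape (Caddy calls the ask URL with ?domain=<name> and issues a certificate only for a 2xx response) is how Caddy's on-demand TLS ask option works.

```go
package main

// Caddyfile global option that points Caddy at this endpoint (assumed
// address for the example):
//
//   {
//       on_demand_tls {
//           ask http://127.0.0.1:9123/ask
//       }
//   }

import (
	"fmt"
	"log"
	"net"
	"net/http"
	"strings"
)

// knownDomains is a constructed allowlist for this example. In a real
// deployment it would be backed by the database of provisioned tenants;
// it must never be "allow everything", or an attacker can enumerate names
// and drive certificate issuance (rate limits, storage exhaustion).
var knownDomains = map[string]bool{
	"example.com": true,
	"example.net": true,
}

// normalizeHost lowercases the name, strips a port and a trailing dot,
// and rejects empty names, wildcards and bare IP addresses.
func normalizeHost(raw string) (string, bool) {
	h := strings.ToLower(strings.TrimSpace(raw))
	if host, _, err := net.SplitHostPort(h); err == nil {
		h = host
	}
	h = strings.TrimSuffix(h, ".")
	if h == "" || strings.Contains(h, "*") || net.ParseIP(h) != nil {
		return "", false
	}
	return h, true
}

// allowDomain reports whether Caddy may obtain a certificate for raw.
// Policy (assumed for the example): the name must be a known base domain
// or exactly one label below one (tenant.example.com). A sub-subdomain
// such as a.b.example.com has a parent that is not in the allowlist, so
// it is refused, as is any name outside the allowlist.
func allowDomain(raw string, known map[string]bool) bool {
	h, ok := normalizeHost(raw)
	if !ok {
		return false
	}
	if known[h] {
		return true
	}
	label, parent, found := strings.Cut(h, ".")
	if !found || label == "" {
		return false
	}
	return known[parent]
}

// askHandler serves GET /ask?domain=<name>. A 200 lets Caddy proceed with
// issuance; anything else (here 403) makes Caddy refuse the handshake
// before any HTTP route is reached.
func askHandler(known map[string]bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		d := r.URL.Query().Get("domain")
		if !allowDomain(d, known) {
			log.Printf("ask: denied %q", d)
			http.Error(w, "domain not allowed", http.StatusForbidden)
			return
		}
		w.WriteHeader(http.StatusOK)
		fmt.Fprintln(w, "ok")
	}
}

func main() {
	http.Handle("/ask", askHandler(knownDomains))
	log.Fatal(http.ListenAndServe("127.0.0.1:9123", nil))
}
```

Because the decision is made before the certificate exists, a denied name never gets a certificate and the client sees a failed TLS handshake rather than a 403 page; the 403 is only what Caddy sees from the ask endpoint.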