1. Output of caddy version:
v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=
2. How I run Caddy:
a. System environment:
Ubuntu 20.04
Docker
d. My complete Caddy config:
{$HOST} {
	handle /api* {
		reverse_proxy api:{$API_PORT}
	}
	handle /uploads* {
		reverse_proxy api:{$API_PORT}
	}
	handle {
		root * /var/www/praise
		try_files {path} /index.html
		encode zstd gzip
		file_server
	}
}
3. The problem I’m having:
I have gotten reports that our website is open to redirect exploits. Clicking on the link below confirms this: the user is indeed redirected to an unintended external domain.
https://staging.givepraise.xyz/%5C%5Cevil.com/%252e%252e%252f
I have tried all sorts of regular expressions and path matchers but I’m not able to figure out how to capture the above path and prevent the redirect from happening. Ideally I would like to prevent any redirects and allow only the paths I specifically specify.
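
An added example, not part of the original post and not Caddy code: a check for whether a `Location` value takes a browser off the site, showing why a backslash-prefixed path like the one above gets past a test built on a standard URL parser. Browsers read `\` as `/` in http(s) URLs and skip extra leading slashes. The sample `Location` values are constructed, and the first assumes the server reflects the once-decoded request path, which the post does not show.

```python
import re
from urllib.parse import unquote, urljoin, urlsplit

BASE = "https://staging.givepraise.xyz/"
REPORTED_PATH = "/%5C%5Cevil.com/%252e%252e%252f"  # request path from the post
DECODED_ONCE = unquote(REPORTED_PATH)              # /\\evil.com/%2e%2e%2f


def browser_view(location: str) -> str:
    """Approximate how a browser reads an http(s) Location value: tabs and
    newlines are dropped, backslashes before the query/fragment count as
    slashes, and a run of leading slashes introduces the host."""
    loc = location.strip()
    for ch in "\t\r\n":
        loc = loc.replace(ch, "")
    cut = min((i for i in (loc.find("?"), loc.find("#")) if i != -1),
              default=len(loc))
    head = loc[:cut].replace("\\", "/")
    head = re.sub(r"^(https?:)?/{2,}", r"\1//", head, flags=re.I)
    return head + loc[cut:]


def origin(url: str) -> tuple:
    parts = urlsplit(url)
    return (parts.scheme.lower(), parts.netloc.lower())


def naive_leaves_origin(base: str, location: str) -> bool:
    """Stdlib parser only: backslashes stay ordinary path characters."""
    return origin(urljoin(base, location)) != origin(base)


def leaves_origin(base: str, location: str) -> bool:
    """Same comparison, made on the browser's reading of the value."""
    return origin(urljoin(base, browser_view(location))) != origin(base)


# Constructed Location values for illustration.
SAMPLES = [DECODED_ONCE, "/\\evil.com/", "/index.html", "/docs/?next=\\\\x"]

if __name__ == "__main__":
    for loc in SAMPLES:
        print(f"{loc!r:32} naive={naive_leaves_origin(BASE, loc)} "
              f"browser={leaves_origin(BASE, loc)}")
```

Run against the `Location` header a server returns for a probe request, this flags responses that a plain parser-based allowlist would pass as same-site.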