I have a couple of subdomains configured in Caddy.
I need to keep some subdomains accessible only locally and some of them only remotely. So, to achieve that, I’m returning a 404 error if the IP is remote, to make the subdomain local-only.
But I found that attackers could find (and they actually already found a few of them) my local subdomains, because Caddy returns a different error for a non-existent subdomain.
It’s not possible to respond with HTTP when the TLS handshake fails. All clients will emit an error if the connection wasn’t established successfully. The server needs to have a valid certificate for the domain to be able to complete the TLS handshake.
You didn’t completely fill out the help topic template as per the forum rules, so I’m missing context for your question. Show your config and Caddy logs.
No, because the TLS handshake happens before any HTTP handlers run. You cannot do anything to change how the client will report a TLS error. Servers have no control at all over that, except for successfully completing the handshake by having a valid certificate.
Edit: I see now that you added your config in the OP. So you’re trying to block requests by IP? You can use the abort or error directives instead of respond, but what you have should already work. Why do you think it doesn’t work? I don’t think I follow.
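An added example of the IP-based blocking discussed in this thread, written for illustration and not taken from the poster's config: the hostnames internal.example.com and public.example.com, the upstream ports, and the LAN range 192.168.1.0/24 are all placeholders. It puts the respond form the poster used next to the abort and error alternatives mentioned in the reply.

```caddyfile
# Added example, not the poster's Caddyfile. Hostnames, ports and the LAN range are placeholders.

internal.example.com {
	# Match every client that is NOT on the assumed local network.
	# 127.0.0.0/8 and ::1/128 keep loopback access working.
	@remote not remote_ip 192.168.1.0/24 127.0.0.0/8 ::1/128

	# What the original post does: a normal HTTP 404 response for remote clients.
	# respond @remote 404

	# Alternative 1: the error directive routes the request into Caddy's error handling.
	# error @remote 404

	# Alternative 2: abort closes the connection without sending any HTTP response.
	abort @remote

	# Only local clients get this far.
	reverse_proxy 127.0.0.1:8080
}

public.example.com {
	# Reachable from anywhere.
	reverse_proxy 127.0.0.1:8081
}
```

Note that all three directives run inside HTTP handlers, so they only affect clients whose TLS handshake already completed. A hostname Caddy has no certificate for still fails at the handshake, before any of these matchers run, which is exactly the difference the reply describes: the directives change what a connected client sees, not whether the handshake succeeds.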