I’m seeing a lot of hits to our site that look like obvious cracking/exploit attempts, e.g.:
GET /cms/license.txt GET /wp-login.php GET /w/license.txt GET /2/license.txt GET /test/web.config.txt GET /vendor/phpunit/phpunit/LICENSE GET /vendor/phpunit/phpunit/src/Util/PHP/Template/TestCaseMethod.tpl.dist GET /res/license.txt GET /backup/license.txt GET /back/license.txt GET /_wp/license.txt
Question: is it worth putting a handler in Caddyfile v2 to deal with the more common of these and turn them away? If so, should I return a 404? 403?
Right now since my site is an SPA they always get the index.html file which is just a waste of bandwidth.
What would the handler look like?