tedivm / fedimapper

An API for the Fediverse - The Software behind the Fediverse Almanac
https://www.fediversealmanac.com
MIT License

Possible naive subdomain detection #4

Closed cooperaj closed 1 year ago

cooperaj commented 1 year ago

I've just had this hit my domain logs:

198.58.122.231 - - [06/Jan/2023:11:34:35 +0000] "GET / HTTP/1.1" 200 982 "-" "fedimapper"
198.58.122.231 - - [06/Jan/2023:11:34:35 +0000] "GET /robots.txt HTTP/1.1" 404 149 "-" "fedimapper"
198.58.122.231 - - [06/Jan/2023:11:34:35 +0000] "GET /.well-known/nodeinfo HTTP/1.1" 302 65 "-" "fedimapper"
198.58.122.231 - - [06/Jan/2023:11:34:35 +0000] "GET /api/v1/instance HTTP/1.1" 404 154 "-" "fedimapper"

The important part is that, in spite of hitting the nodeinfo and receiving information there that would have directed to a different domain (302 redirect to the Mastodon instance's subdomain), it still then subsequently hit the top-level domain with an API request.

If that's intentional then please just close :)
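The pattern in the log excerpt above can be checked for mechanically. This is an added example, not part of the original report and not fedimapper's code: it scans Combined Log Format lines and flags clients that were answered with a 3xx on `/.well-known/nodeinfo` and then still requested an API path on the same host. The function names, the `/api/` prefix default, and the sample lines are assumptions constructed for illustration.

```python
import re

# Combined Log Format, as in the report's log excerpt.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)
NODEINFO_PATH = "/.well-known/nodeinfo"


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # ignore any query string
    return rec


def find_ignored_redirects(lines, api_prefix="/api/"):
    """Return API requests made to this host by a client that had already been
    answered with a 3xx on nodeinfo discovery. Lines must be in log order."""
    redirected = set()  # (ip, agent) pairs that were pointed at another host
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        client = (rec["ip"], rec["agent"])
        if rec["path"] == NODEINFO_PATH and 300 <= rec["status"] < 400:
            redirected.add(client)
        elif client in redirected and rec["path"].startswith(api_prefix):
            findings.append(rec)
    return findings


# Constructed sample lines (documentation IP ranges, hypothetical agent names).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Jan/2023:11:34:35 +0000] "GET /.well-known/nodeinfo HTTP/1.1" 302 65 "-" "crawler-a"',
    '203.0.113.7 - - [06/Jan/2023:11:34:36 +0000] "GET /api/v1/instance HTTP/1.1" 404 154 "-" "crawler-a"',
    '198.51.100.9 - - [06/Jan/2023:11:40:02 +0000] "GET /.well-known/nodeinfo HTTP/1.1" 302 65 "-" "crawler-b"',
    '198.51.100.9 - - [06/Jan/2023:11:40:03 +0000] "GET /robots.txt HTTP/1.1" 404 149 "-" "crawler-b"',
    '192.0.2.44 - - [06/Jan/2023:11:50:10 +0000] "GET /.well-known/nodeinfo HTTP/1.1" 200 120 "-" "crawler-c"',
    '192.0.2.44 - - [06/Jan/2023:11:50:11 +0000] "GET /api/v1/instance HTTP/1.1" 200 982 "-" "crawler-c"',
]

if __name__ == "__main__":
    for hit in find_ignored_redirects(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["agent"], hit["path"], hit["status"])
```

Only the first constructed client is flagged: the second was redirected and never requested an API path, and the third received a 200 on nodeinfo, so its API request to the same host is expected.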

tedivm commented 1 year ago

Thanks for your report! If you don't mind me asking, what's your domain? If it's okay I'd like to use it for testing.

cooperaj commented 1 year ago

Have DM'd you via Mastodon.

tedivm commented 1 year ago

Awesome, with that I was able to test it out and push up a fix. The system will now identify all nodes with different subdomains properly. Thanks again!