Few logs without Traefik Router Name

Traefik Traefik v3 (latest)
1

Hello.

I have just installed the last version of Traefik (3.1.2).

I have configured a couple of middlewares, everything works well.

When I check the access logs, I can see a few lines without Traefik Router Name.

bastien@laptop$ cat access.log | grep -v @
173.255.221.189 - - [08/Sep/2024:01:31:59 +0000] "GET / HTTP/1.1" 404 - "-" "Mozilla/5.0 zgrab/0.x" - "-" "-" 0ms
172.105.128.13 - - [08/Sep/2024:04:37:12 +0000] "GET / HTTP/1.1" 404 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" - "-" "-" 0ms
20.225.3.216 - - [08/Sep/2024:12:46:25 +0000] "GET / HTTP/1.1" 404 - "-" "Mozilla/5.0 zgrab/0.x" - "-" "-" 0ms

How can we explain that ?

I have one last router to redirect all requests that were not previously captured.

    router-forbidden:
      service: "service-forbidden"
      rule: "PathPrefix(`/`) || Host(`example.com`)"
      tls: true
      entryPoints: "websecure"
      priority: 1

In the worst-case scenario, I'd have to find the " router-forbidden@file" like :

167.94.138.124 - - [08/Sep/2024:16:57:48 +0000] "GET / HTTP/1.1" 403 - "-" "-" - "router-forbidden@file" "-" 136ms
13.83.43.199 - - [08/Sep/2024:18:05:00 +0000] "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 403 - "-" "Mozilla/5.0 zgrab/0.x" - "router-forbidden@file" "-" 141ms
51.254.59.114 - - [08/Sep/2024:19:18:55 +0000] "GET / HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36" - "router-forbidden@file" "-" 146ms

Thanks for your help.

2

If someone sends TLS requests with unknown domain to Traefik, you probably get 404 without a router.

Traefik would usually serve a default TLS cert, which standard browsers/clients would probably reject.

But a lot of people are scanning the Internet the whole time with a lot of different software.

You may be able to get some more info, if you set the Traefik access log into JSON format.

3

Hello @bluepuma77.

But this request with an unknown domain should be marched with this route, no ?

All my other routes are spécified with a specific Host.

router-forbidden:
      service: "service-forbidden"
      rule: "PathPrefix(`/`) || Host(`example.com`)"
      tls: true
      entryPoints: "websecure"
      priority: 1

I will check in the Traefik json logs.

Thanks.

4

True. Maybe it’s a http request? Did you create a global redirect to https?

5

I had already checked that.

The port forwarding is not enabled for the port 80 on my router.
Only the port forwarding on 443 is currently activated.

6

Did you try http on port 443?

7

Thanks. I think that we have found the problem.

image

I will check how I can fix that.

8

Just added this router (with tls=false) and now everything seems to be caught.

router-forbidden-http:
      service: "service-forbidden"
      rule: "PathPrefix(`/`) || Host(`example.com`)"
      tls: false
      entryPoints: "websecure"
      priority: 1

Thanks @bluepuma77 for your help.

9

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.