mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-15 21:19:39 -05:00
[GH-ISSUE #10473] [Security] Unknown URI must be answered with HTTP 404 to allow a fronted web server to detect malicious traffic #15903
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @Fade78 on GitHub (Feb 20, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/10473
When a URI is asked to open-webui (container v0.5.14) but is unknown, a page is returned saying "404 not found" but the actual return code is 200.
My open-webui is exposed on internet, behind a nginx instance. Crawler/hackers try to find some weird stuff by testing many URI. When they do that, in a normal case, it makes a lot of 404 answers that can trigger rate-limiting or ban because the return codes are monitored by the nginx. But with open-webui returning 200, this trafic looks legit.
Useless logs, just for fun: