I have a spring boot application run on a server and after some days I saw some unusual requests are coming. Some of the requests are as follows,
HEAD /bin
GET /.env
GET /api
GET /help
GET /vendor/phpunit
GET /phpmyadmin
GET /wp-admin
So is there an option or any solution to not to hit those requests to server or prevent these requests in spring boot?
2
Answers
Spring boot will generally return a 404 for endpoints that are not configured. To prevent those requests from hitting your application you will need to block them using whatever webserver you are using to send the request to your application.
You can’t prevent those calls to reach your application with your application alone. You would need an API Gateway or an HTTP server like Apache. All the requests to your application must go through any of those solutions and you would need to configure the selected one to block such calls.