From 1a10e1674511ba1433e2f3ab96a99973757353bb Mon Sep 17 00:00:00 2001
From: LittleChest <hiya@littlew.top>
Date: Thu, 29 Jan 2026 20:22:38 +0800
Subject: [PATCH] common: Block requests with unusual Host header

---
 common.js | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/common.js b/common.js
index 7a689e1..c26c1e6 100644
--- a/common.js
+++ b/common.js
@@ -7,6 +7,13 @@ export default async function handler(
   rawIP,
 ) {
   const { method, headers, url } = request;
+
+  const host = headers.get("Host");
+
+  if (host && (host.endsWith(":443") || host.endsWith(":80"))) {
+    return new Response(null, { status: 403 });
+  }
+
   const { search, searchParams, pathname } = new URL(url);
 
   const ip =