From 480923565e614b0e526be63351b0aa306abe7f2f Mon Sep 17 00:00:00 2001
From: Toby Chui <tobychui@users.noreply.github.com>
Date: Mon, 10 Nov 2025 21:53:54 +0800
Subject: [PATCH] Fixed #886

- Added well-known to exception for exploit checks
---
 src/mod/dynamicproxy/exploits/exploits.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/mod/dynamicproxy/exploits/exploits.go b/src/mod/dynamicproxy/exploits/exploits.go
index 79b0055..d18bbd6 100644
--- a/src/mod/dynamicproxy/exploits/exploits.go
+++ b/src/mod/dynamicproxy/exploits/exploits.go
@@ -19,6 +19,7 @@ import (
 	_ "embed"
 	"net/http"
 	"regexp"
+	"strings"
 
 	agents "github.com/monperrus/crawler-user-agents"
 )
@@ -50,6 +51,10 @@ func NewExploitDetector(CheckCommonExploits bool, CheckAiBots bool, ExploitRespT
 // CheckIsAttack checks if the request is an attack based on common exploits
 // return true if the request is handled
 func (d *Detector) CheckIsAttack(w http.ResponseWriter, r *http.Request) bool {
+	path := r.URL.Path
+	if strings.HasPrefix(path, "/.well-known/") {
+		return false
+	}
 	if d.CheckCommonExploits && d.RequestContainCommonExploits(r) {
 		return d.handleExploitResponse(w, r, d.ExploitRespType)
 	}