Zen Dodd

Security, infrastructure, systems and open-source software.

I write technical analysis, research notes and proof-of-concepts, and contribute to real software. This site is a curated public record of the work worth showing first.

Start here

The best first reading for a short visit.

Caddy: stricter Host validation and lower-level HTTP error handling

A design-level discussion around request validation boundaries, malformed HTTP handling and where those guarantees should actually live.

View issue

Open-source contributions

Behaviour fixes, design analysis and reverse proxy work built from real software rather than labs or exercises.

See selected work

Writing

Planned writing and future publications.

Planned open-source analysis

Reading a Real Caddy Issue Like an Engineer

A planned structured breakdown of behaviour, reproduction, root-cause hypotheses, maintainer intent and likely fix boundaries.

Selected work

Public contributions in repositories that matter.

Caddy Reverse proxy contribution

Make stream copy buffer size configurable

Adds control over upgraded bidirectional stream buffering, aimed at real deployment behaviour rather than abstract tuning.

Caddy Correctness fix

Skip query rename when the source key is absent

Fixes `uri query` rename handling so an absent source key does not clobber an already-correct destination key.

Caddy TLS and policy behaviour

Avoid default issuers for implicit Tailscale policies

Prevents implicit `*.ts.net` policies from falling back to default ACME issuance when that behaviour is incorrect.

About this site

This site documents my work in security, infrastructure, systems, open-source software and technical writing. It is intended to be a durable public record of what I am building, analysing and learning in the open.

Contact

Reach me directly.

View contact page