Unexpected traffic to Fleet's root route #16182

@ksatter

Fleet version: v4.40.0

💥  Actual behavior

Customer is seeing POST requests from the osquery client to the Fleet root route (org.fleet.com:443/) rather than any of the osquery API endpoints.

This may be a configuration issue, but we cannot identify the hosts that are sending these requests. The Public IP only narrows things down to a specific group of hosts and there is no error in Fleet. This endpoint currently responds with the frontend, regardless of the request method used.

🧑‍💻  Steps to reproduce

Investigating

🕯️ More info (optional)

As a troubleshooting step, it would be helpful to create a custom version of Fleet v4.40.0 that logs the request body when a POST request is made to the root route. This would surface additional information about the type of request being sent, as well as information that should allow us to identify the affected hosts.
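
An added example of the troubleshooting step described above, written for this page and not taken from Fleet's code base or from the issue author: a Go `net/http` middleware that logs POST requests to `/` with their body, so a field such as `host_identifier` can identify the sending host. The names `logRootPosts` and `summarizeBody`, the listen address and the stand-in handler are assumptions; `enroll_secret` and `node_key` are the credential fields of osquery's TLS API and are redacted so they do not end up in the server log.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"log"
	"net/http"
)

const maxLoggedBody = 64 << 10 // read at most 64 KiB of a body for logging

// summarizeBody renders a body for the log. JSON objects keep their fields (such as
// host_identifier); the osquery credentials enroll_secret and node_key are redacted.
func summarizeBody(body []byte) string {
	var fields map[string]json.RawMessage
	if err := json.Unmarshal(body, &fields); err != nil {
		return fmt.Sprintf("unparsed body (%d bytes)", len(body))
	}
	for k := range fields {
		if k == "enroll_secret" || k == "node_key" {
			fields[k] = json.RawMessage(`"[REDACTED]"`)
		}
	}
	out, _ := json.Marshal(fields)
	return string(out)
}

// logRootPosts wraps next and logs every POST whose path is exactly "/".
func logRootPosts(next http.Handler, logf func(string, ...interface{})) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodPost && r.URL.Path == "/" {
			body, _ := io.ReadAll(io.LimitReader(r.Body, maxLoggedBody))
			// Put the consumed bytes back so the wrapped handler still sees the whole body.
			r.Body = struct {
				io.Reader
				io.Closer
			}{io.MultiReader(bytes.NewReader(body), r.Body), r.Body}
			logf("POST / remote=%s xff=%q ua=%q body=%s", r.RemoteAddr,
				r.Header.Get("X-Forwarded-For"), r.UserAgent(), summarizeBody(body))
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// http.NotFoundHandler is a stand-in for the handler that serves the root route.
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", logRootPosts(http.NotFoundHandler(), log.Printf)))
}
```

Behind a load balancer, `RemoteAddr` is the balancer's address, which is why the `X-Forwarded-For` header is logged next to it.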

Labels

- #g-endpoint-ops (Endpoint ops product group)
- :release (Ready to write code. Scheduled in a release. See "Making changes" in handbook.)
- bug (Something isn't working as documented)
- customer-domon
- ~released bug (This bug was found in a stable release.)
