Reading your tcpdump, it appears your end is sending GET /index.html HTTP/1.1 but I don't see a host specification. What uesr agent are you using, and is it trying to send host? I do not have those rules paged in this minute, but there is a scheme to tell the server which vhost you want out of many on an IP address. With wget and forcing the IP address you got, I see: $ wget https://archive.netbsd.org/ --2022-04-15 14:36:21-- https://archive.netbsd.org/ Resolving archive.netbsd.org (archive.netbsd.org)... 151.101.1.6 Connecting to archive.netbsd.org (archive.netbsd.org)|151.101.1.6|:443... connected. HTTP request sent, awaiting response... HTTP/1.1 200 OK Connection: keep-alive Content-Length: 733 Server: bozohttpd/20190228 Content-Type: text/html Accept-Ranges: bytes Date: Fri, 15 Apr 2022 18:36:22 GMT Via: 1.1 varnish Age: 5047 X-Served-By: cache-bos4641-BOS X-Cache: HIT X-Cache-Hits: 1 X-Timer: S1650047782.024733,VS0,VE310 Length: 733 [text/html] Saving to: ‘index.html'
Attachment:
signature.asc
Description: PGP signature