diff --git a/scripts/clear-ip.sh b/scripts/clear-ip.sh
new file mode 100755
index 0000000..7283071
--- /dev/null
+++ b/scripts/clear-ip.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Script to clear a specific IP from HAProxy stick-table
+# Usage: ./clear-ip.sh
+
+if [ $# -ne 1 ]; then
+ echo "Usage: $0 "
+ echo "Example: $0 192.168.1.100"
+ exit 1
+fi
+
+IP="$1"
+SOCKET="/tmp/haproxy-cli"
+
+# Check if socket exists
+if [ ! -S "$SOCKET" ]; then
+ echo "Error: HAProxy socket not found at $SOCKET"
+ exit 1
+fi
+
+# Get worker process ID
+PROCESS_ID=$(echo "show proc" | socat stdio "$SOCKET" 2>/dev/null | grep -E '^[0-9]+.*worker' | awk '{print $1}' | head -1)
+
+if [ -z "$PROCESS_ID" ]; then
+ echo "Error: Could not find HAProxy worker process"
+ exit 1
+fi
+
+echo "Clearing IP $IP from stick-table..."
+
+# Clear the IP from the table
+printf "@!%s del table web key %s\n" "${PROCESS_ID}" "${IP}" | socat stdio "$SOCKET" 2>/dev/null
+
+if [ $? -eq 0 ]; then
+ echo "Successfully cleared $IP from the stick-table"
+else
+ echo "Failed to clear $IP (may not exist in table)"
+fi
+
+# Verify it's gone
+echo
+echo "Checking if IP is still in table..."
+printf "@!%s show table web\n" "${PROCESS_ID}" | socat stdio "$SOCKET" 2>/dev/null | grep "key=$IP" > /dev/null
+
+if [ $? -eq 0 ]; then
+ echo "Warning: IP $IP is still in the table"
+else
+ echo "Confirmed: IP $IP has been removed"
+fi
\ No newline at end of file
diff --git a/templates/hap_listener.tpl b/templates/hap_listener.tpl
index 2c01217..1bb1791 100644
--- a/templates/hap_listener.tpl
+++ b/templates/hap_listener.tpl
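Review bot: `IP="$1"` reaches the HAProxy admin socket unvalidated in the `del table web key` line; the CLI treats a newline as a command separator, so an argument like `$'1.2.3.4\nclear table web'` would execute a second command at the socket's privilege level, and the same value is later used as an unquoted regex in `grep "key=$IP"`, where `.` matches any character and `1.2.3.4` also matches `key=1.2.3.40`. The success test is also misleading: `$?` after the pipeline is socat's exit status, so "Successfully cleared" is printed even when HAProxy replies `Unknown key` or `Permission denied` (its stderr is discarded), and the verification step prints "Confirmed" when socat itself fails because grep then sees no input. I would reject anything that is not an IP literal before talking to the socket, keep HAProxy's reply and treat any error text as failure, and match the key as a fixed string (`grep -qF -- "key=$IP "`, assuming the usual `key=<ip> use=` layout of `show table`). The usage strings also appear to have lost a placeholder, probably `<ip>`, somewhere between the author and this rendering — worth restoring as `echo "Usage: $0 <ip>"`.

```shell
IP="$1"
# Only an IPv4/IPv6 literal may reach the admin socket: a newline in the
# argument would otherwise be executed as a second CLI command.
case "$IP" in
  ""|*[!0-9A-Fa-f.:]*) echo "Error: '$IP' is not an IP address" >&2; exit 1 ;;
esac
# … unchanged: socket check, PROCESS_ID lookup …

# Judge HAProxy's reply, not socat's exit code: a rejected command comes back
# as text (e.g. "Unknown key", "Permission denied"); success appears to be silent.
REPLY=$(printf "@!%s del table web key %s\n" "${PROCESS_ID}" "${IP}" | socat stdio "$SOCKET" 2>&1) || {
  echo "Error: cannot talk to HAProxy at $SOCKET" >&2; exit 1; }
if [ -z "$(printf '%s' "$REPLY" | tr -d '[:space:]')" ]; then
  echo "Successfully cleared $IP from the stick-table"
else
  echo "Failed to clear $IP: $REPLY"
fi
# … unchanged: verification, using grep -qF -- "key=$IP " …
```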
@@ -12,10 +12,14 @@ frontend web # Whitelist trusted networks and monitoring systems acl trusted_networks src 127.0.0.1 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12 acl health_check path_beg /health /ping /status /.well-known/ + acl common_missing path /favicon.ico /robots.txt /sitemap.xml /apple-touch-icon.png # Allow trusted traffic to bypass all protection http-request allow if trusted_networks or health_check + # Don't count common missing files against the error count + http-request return status 404 if common_missing + # Detect real client IP from proxy headers if they exist # Priority: CF-Connecting-IP (Cloudflare) > X-Real-IP > X-Forwarded-For > src acl has_cf_connecting_ip req.hdr(CF-Connecting-IP) -m found
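Review bot: `http-request return status 404 if common_missing` answers these four paths with a synthesized 404 for every client, so a real /robots.txt or /sitemap.xml served by the backend becomes unreachable — a sitemap in particular normally exists on purpose, and crawlers will start treating the site as having none. If the intent is only to keep these requests out of the abuse counters, the narrower change is to exclude the ACL on the tracking rule, e.g. `http-request track-sc0 src table web unless common_missing` (naming whichever counter the template actually uses — those rules are outside this hunk). If the hard 404 is intended, the added comment should say that the rule works only because it precedes the `track-sc` lines: `http-request return` stops rule evaluation, so the request is never tracked and the 404 is never counted, and moving it below them would silently re-enable counting — `# Must stay above the track-sc rules: return ends http-request processing, which is why this 404 is not counted`. The `frontend web` block continues outside the hunk.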