
I am trying to implement an IP whitelist in my Caddy v2 configuration, something equivalent to an NGINX configuration like:

allow 1.1.1.1;
allow 8.8.8.8;
deny all; 

My current Caddy configuration is pretty straightforward:

my.website.com {
    reverse_proxy http://127.0.0.1:3000 {
    }
}

Thanks

3 Answers


  1. I am not sure it is possible directly in Caddy, but you can add a middleware/plugin to do this.

    Here is the link where you can get it: https://github.com/pyed/ipfilter

    According to the doc of this middleware, if you want to allow only the 2 IPs you wrote, you should probably do something like this:

    my.website.com {
        reverse_proxy http://127.0.0.1:3000
    
        ipfilter / {
            rule allow
            ip 1.1.1.1 8.8.8.8
            blockpage notauthorized.html
        }
    }
    

    I also think that if you want to block every request, not just /, you have to write ipfilter /* instead of ipfilter /.

  2. You can try something like this in Caddy v2:

    my.domain.com {
        @teammember {
            remote_ip forwarded 183.77.5.126 113.73.5.126
        }
        handle @teammember {
            reverse_proxy /* localhost:8081
        }
        respond "<h1>You are attempting to access protected resources!</h1>" 403
    }
    
  3. I’m not saying qed’s answer is wrong, however I couldn’t get it to work in my case (possibly due to using import templates inside a handle?)…

    My solution was… Old config:

    private.example.com {
      import my_template argument_1 /path/to/example/argument2
    }
    

    This changed to:

    private.example.com {
      @blocked not remote_ip 1.2.3.4
      respond @blocked "<h1>Access Denied</h1>" 403
      import my_template argument_1 /path/to/example/argument2
    }
    

    Simply adding those two lines allows my site to be accessed on that IP. A test curl from a different IP returned the 403 error.

    This is done on Caddy 2.4.6

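An added example, not taken from any answer above and not Caddy's own code: `remote_ip` (answer 3) matches the connecting peer, while `remote_ip forwarded` (answer 2) prefers the first address in `X-Forwarded-For`, a header that arrives with the request unless a proxy in front overwrites it. The Go program below shows the deny-by-default decision an allowlist should make in both setups, reading the header only when the peer is a known proxy. The names `Allowed`, `clientIP` and `trustedProxies`, and the `10.0.0.0/8` proxy range, are assumptions made for the example.

```go
package main

import "fmt"
import "net/netip"
import "strings"

var allowed = []netip.Prefix{netip.MustParsePrefix("1.1.1.1/32"), netip.MustParsePrefix("8.8.8.8/32")} // from the question
var trustedProxies = []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")}                                // assumed range

func inAny(ip netip.Addr, set []netip.Prefix) bool {
	for _, p := range set {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

// clientIP picks the address to test. peer is the TCP peer ("ip:port"), xff the
// raw X-Forwarded-For value. The header is read only when the peer is a trusted
// proxy, and right to left, stopping at the first hop that is not one.
func clientIP(peer, xff string) (netip.Addr, error) {
	ap, err := netip.ParseAddrPort(peer)
	if err != nil {
		return netip.Addr{}, err
	}
	ip := ap.Addr().Unmap()
	if xff == "" || !inAny(ip, trustedProxies) {
		return ip, nil
	}
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- {
		hop, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			return netip.Addr{}, err // malformed header: fail closed
		}
		if ip = hop.Unmap(); !inAny(ip, trustedProxies) {
			break
		}
	}
	return ip, nil
}

// Allowed is deny-by-default: any parse error or unlisted address is refused.
func Allowed(peer, xff string) bool {
	ip, err := clientIP(peer, xff)
	return err == nil && inAny(ip, allowed)
}

func main() { fmt.Println(Allowed("1.1.1.1:40000", ""), Allowed("203.0.113.9:40000", "1.1.1.1")) }
```

In Caddy terms: use plain `remote_ip` when clients connect to Caddy directly, and rely on forwarded addresses only when every request is guaranteed to pass through a proxy you control that sets the header itself.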