Nginx Question posted in
The official documentation can be found here.

Caddy V2 IP whitelist – Nginx

I am trying to implement IP whitelist on my Caddy v2 configuration. Something equivalent to NGINX configuration like:

allow 1.1.1.1;
allow 8.8.8.8;
deny all;

My current Caddy configuration pretty straight forward:

my.website.com {
        reverse_proxy http://127.0.0.1:3000 {   
    }
}

Thanks

Tags:

3

Answers


  1. 0

    I am not sure it is possible directly in Caddy, but you can add a middleware/plugin to do this.

    Here is the link you can get it : https://github.com/pyed/ipfilter

    According to the doc of this middleware, to you want to allow only the 2 IPs you wrote, you should probably do something like this :

    my.website.com {
    reverse_proxy http://127.0.0.1:3000

    ipfilter / {
        rule allow
        ip 1.1.1.1 8.8.8.8
        blockpage notauthorized.html
    }
}

    I also think if want to block every requests, not just the /, you have to write ipfilter /* instead of ipfilter /.

    Login or Signup to reply.
  2. 0

    You can try something like this in caddy v2:

    my.domain.com {
    @teammember {
        remote_ip forwarded 183.77.5.126 113.73.5.126
    }
    handle @teammember {
        reverse_proxy /* localhost:8081
    }
    respond "<h1>You are attempting to access protected resources!</h1>" 403
}
    Login or Signup to reply.
  3. 0

    I’m not saying qed’s answer is wrong, however I couldn’t get it to work in my case (possibly due to using import templates inside a handle?)…

    My solution was… Old config:

    private.example.com {
  import my_template argument_1 /path/to/example/argument2
}

    This changed to:

    private.example.com {
  @blocked not remote_ip 1.2.3.4
  respond @blocked "<h1>Access Denied</h1>" 403
  import my_template argument_1 /path/to/example/argument2
}

    Simply adding those two lines allows my site to be accessed on that IP. A test curl from a different IP returned the 403 error.

    This is done on Caddy 2.4.6

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search