Some of you may know the 7G Firewall:
The 7G Firewall offers lightweight, server-level protection against a wide range of malicious requests, bad bots, automated attacks, spam, and many other types of threats and nonsense.
Basically these are rules (mostly regular expressions) based on mod_rewrite for Apache, there is also a NGINX implementation on the website.
The patterns are all real-world, certainly sometimes very explicitly targeted at very specific current or historical attacks, but generally very compatible and without much false-positive interference. At least in my experience. It’s nice to have nonsense stopped at the server level before it reaches your app.
In an attempt to better understand and get to know Caddy, I have now adapted the 7G Firwall to work with Caddy. Basically the work resulted in to snippets. One to match something and one to block requests.
Here is the link to the repository.
I see the Caddy 7G variant as being somewhere around beta status at the moment and the whole thing is ready to be tested by more people. The rejection of requests could of course also be designed with “nice” pages, but that’s up to everyone. I put the rules in front of a WordPress for testing and had no obvious problems.