Allow Connections Via Hostname Only

Hi,

Using Caddy V2 as a reverse proxy, but I am noticing connections directly to the Public IP’s.

Is it possible to catch all connections to the IPs of the web servers and only allow the hostname (ie website.com) instead of serving/redirecting?

Hi @the_brains, welcome to the Caddy community!

Caddy won’t respond for a request to any hostname you haven’t configured, except to say it’s not serving that website.

Specifically, those requests to IP addresses will be answered with Status 404, with body content: 404 Site <IP ADDRESS> is not served on this interface. They don’t get redirected, or served anything else… Unless you configure Caddy with that IP address as an actual site label!

Test it for yourself - here I curl caddyserver.com (which runs on Caddy v2) and ask firstly for it’s IP address, then no hostname in particular:

c/Users/matt
➜ curl -iH "Host:138.68.248.151" caddyserver.com
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
Server: Caddy
X-Content-Type-Options: nosniff
Date: Wed, 29 Apr 2020 11:21:18 GMT
Content-Length: 56

404 Site 138.68.248.151 is not served on this interface

c/Users/matt
➜ curl -iH "Host:" caddyserver.com
HTTP/1.1 400 Bad Request: missing required Host header
Content-Type: text/plain; charset=utf-8
Connection: close

400 Bad Request: missing required Host header⏎

So we can see Caddy refusing to serve anything at all without a Host header, and essentially rejecting a request for the IP address.

Caddy will only serve your site configuration when the client requests the hostname you’ve specified for the site.

2 Likes

Thanks Matt, this makes sense. I have made changes to the Caddyfile and its working as required now. Appreciate your detailed response

1 Like