Block by dynamic IP possible?

1. Caddy version (caddy version):

2.5.1

2. How I run Caddy:

Docker

d. My complete Caddyfile or JSON config:

3. The problem I’m having:

Hello,

The following scenario:
I have an analytics tool. This should, when I call it from my home internet connection, return a 403 when loading the javascript snippet. The reason is that my visits should not be recorded.

    @blocked {
        path /umami.js
        remote_ip 80.122.186.134
    }
    respond @blocked 403

The following snippet works without any problems. However, my IP address changes when there is a reconnect from the provider.

I could now put the IP address as an env variable in the Docker container, but this would also result in a restart of the proxy every time.

Now my idea was to get a domain, which always holds the A-record with my IP, somehow into Caddy, so that it is blocked dynamically. Is it somehow possible to set something like the remote_ip filter to a hostname so that Caddy resolves it to the corresponding IP?

With remote_ip this seems not possible, are there other ways?

No, as this would add significant latency to requests and reduce the total traffic capacity of the server.

I’d recommend setting a cookie in your browser instead, then using a header matcher to match cookies.

Nice idea, thank you!

This works for me:

    https://myurl.de {

        # import logging
        import tls
        import compression
        import header

        @blocked {
            path /umami.js
            header_regexp Cookie "disabled"
        }
        respond @blocked 403

        reverse_proxy analytics-app-1:3000
    }

Any ideas on how to set the cookie “disabled” when https://myurl.de/dashboard is requested? My idea: Users who are logged in to the admin interface get the cookie automatically.

Yeah, I mean, you could just set the cookie to authenticated users or something. That might be best IMO.

Yeah, I meant “how to translate this into caddy config” :smiley:

    @disabled {
        path /umami.js
        header_regexp Cookie "disabled"
    }
    respond @disabled 404

    @authenticated {
        path /dashboard
    }

    reverse_proxy @authenticated analytics-app-1:3000 {
        header_down Set-Cookie "disabled=true"
    }
    reverse_proxy analytics-app-1:3000

Is this the best practice? :slight_smile:
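
An added example (not from the thread or from the Caddy project) of the cookie approach discussed above, with two adjustments: the matcher looks for the exact `disabled=true` pair rather than any Cookie header containing "disabled", and `header_down` uses the `+` prefix so the opt-out cookie is added alongside the upstream's own `Set-Cookie` headers instead of replacing them. The cookie attributes and the `/dashboard*` path glob are assumptions, and matching the path does not by itself prove the visitor is logged in.

```caddyfile
https://myurl.de {
    # Block the tracker script for browsers that carry the opt-out cookie.
    # Anchoring on the exact name=value pair avoids matching other cookies
    # whose name or value merely contains the word "disabled".
    @disabled {
        path /umami.js
        header_regexp Cookie "(^|; )disabled=true(;|$)"
    }
    respond @disabled 403

    # Dashboard responses get the opt-out cookie appended.
    # Assumption: /dashboard is only of use to logged-in admins; the path
    # match alone is not an authentication check.
    @dashboard path /dashboard*
    reverse_proxy @dashboard analytics-app-1:3000 {
        # "+" adds a header; without it, any Set-Cookie sent by the
        # upstream would be overwritten.
        # The cookie attributes below are assumed values.
        header_down +Set-Cookie "disabled=true; Path=/; Max-Age=31536000; Secure; SameSite=Lax"
    }

    # Everything else is proxied unchanged.
    reverse_proxy analytics-app-1:3000
}
```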
