Caddy Geofilter?

I am running several public services behind my caddy server, some should have lots of global traffic from anywhere (a website) and some are only meant for a few registered users in the US/Europe (e.g. Nextcloud file sharing).

Is it possible to apply geofiltering on HTTPS requests to Caddy, so the Nextcloud server will be better protected from attacks by blocking all HTTPS requests from non relevant regions?

The geoip determination isn’t built into Caddy. There’s 3rd party plugin by the community.

thanks! Will try it. Do you know if I can set the filter separately for each revers-proxy entry in Caddyfile or does it apply to all of Caddyfile?

The linked plugin is a matcher. The reverse_proxy handler takes a matcher.

2 Likes

Is there a docker image for this caddy with geolocation plugin? I am running caddy inside docker.

Nothing readily available by us, but you can create your own image with a custom Dockerfile. Search this page for “Adding custom Caddy modules”.

https://hub.docker.com/_/caddy/

1 Like