1. The problem I’m having:
I’m new to Caddy setup and have been trying to use ChatGPT to get rate limiting working so I can better protect against brute force etc.
I’m trying to apply Caddy v2.7+ rate_limit on login attempts only, not all traffic. I’ve used route blocks and matchers before. This config was working but was too aggressive — I’m now trying to scope it down to /login paths only.
However, now I get an error at startup that a rate limit zone requires both a window and events value. Even if I provide them, the same error appears. I am testing on a Windows 10 setup using a custom v2.7.6 Caddy binary with the http.handlers.rate_limit plugin.
A minimal example using route + rate_limit + matcher still fails.
2. Error messages and/or full log output:
2025/07/16 21:51:20.203 INFO maxprocs: Leaving GOMAXPROCS=2: CPU quota undefined
2025/07/16 21:51:20.205 INFO using config from file {"file": "Caddyfile"}
Error: adapting config using caddyfile: parsing caddyfile tokens for 'route': parsing caddyfile tokens for 'rate_limit': a rate limit zone requires both a window and maximum events, at Caddyfile:13, at Caddyfile:28
3. Caddy version:
v2.7.6-custom (Windows build, includes http.handlers.rate_limit)
4. How I installed and ran Caddy:
a. System environment:
Windows 10 x64
Running from extracted folder (not service)
b. Command:
caddy run --config Caddyfile
c. Service/unit/compose file:
N/A (manual run via CLI).
d. My complete Caddy config:
{
	debug
}
(sd.riftz.duckdns.org) {
	handle_path /login* {
		route {
			rate_limit loginzone {
				key {remote_host}
				window 30s
				events 5
			}
			reverse_proxy 127.0.0.1:7860
		}
	}
	handle {
		reverse_proxy 127.0.0.1:7860
	}
}
sd.riftz.duckdns.org {
	import sd.riftz.duckdns.org
}
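
An added example, not part of the original post: the same site with key, window and events nested inside a `zone` block under `rate_limit`, which is the Caddyfile layout documented for the mholt/caddy-ratelimit plugin. It assumes that plugin is the one providing http.handlers.rate_limit in this custom build; the zone name and limits are the values from the post, the snippet/import indirection is dropped, and `handle` with a named matcher (`@login`, a name chosen here) replaces `handle_path` so the /login prefix is not stripped before the request reaches the upstream.

```caddyfile
{
	debug
}

sd.riftz.duckdns.org {
	# Assumption: login requests are everything under /login, as in the post.
	@login path /login*

	handle @login {
		# route fixes the handler order, so rate_limit runs before
		# reverse_proxy without needing a global "order" option.
		route {
			rate_limit {
				# Each zone is declared by name; window and events are
				# both required inside it.
				zone loginzone {
					key    {remote_host}
					window 30s
					events 5
				}
			}
			reverse_proxy 127.0.0.1:7860
		}
	}

	# Everything else is proxied without rate limiting.
	handle {
		reverse_proxy 127.0.0.1:7860
	}
}
```

`caddy validate --config Caddyfile` checks that the file adapts and loads cleanly without starting the server.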