Okay. I believe there is an issue somewhere. I’ll try to explain as best I can.
I set up a minimal Caddyfile for the WP test site.
:80 {
    log {
        output file /var/log/caddy/access.log
    }
    root * /usr/local/www/wordpress
    php_fastcgi 127.0.0.1:9000
    file_server
}
I access the script wp-login.php in a browser window. This is what I see in the browser:
This is what I see in the access log:
{"level":"info","ts":1630290363.6400852,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"10.1.1.4:17262","proto":"HTTP/1.1","method":"GET","host":"xxx.udance.com.au","uri":"/wp-login.php","headers":{"Upgrade-Insecure-Requests":["1"],"X-Forwarded-Proto":["https"],"Sec-Fetch-Site":["none"],"Sec-Ch-Ua":["\"Chromium\";v=\"92\", \" Not A;Brand\";v=\"99\", \"Microsoft Edge\";v=\"92\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-User":["?1"],"X-Forwarded-For":["10.1.1.222"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["en-US,en;q=0.9"],"Cookie":["wordpress_test_cookie=WP%20Cookie%20check"],"Sec-Fetch-Dest":["document"],"Cache-Control":["max-age=0"],"Sec-Fetch-Mode":["navigate"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Edg/92.0.902.84"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"]}},"common_log":"10.1.1.4 - - [30/Aug/2021:10:26:03 +0800] \"GET /wp-login.php HTTP/1.1\" 200 6126","duration":0.264896908,"size":6126,"status":200,"resp_headers":{"X-Powered-By":["PHP/7.4.21"],"Expires":["Wed, 11 Jan 1984 05:00:00 GMT"],"Cache-Control":["no-cache, must-revalidate, max-age=0"],"Content-Type":["text/html; charset=UTF-8"],"Set-Cookie":["wordpress_test_cookie=WP%20Cookie%20check; path=/; secure"],"Server":["Caddy"],"X-Frame-Options":["SAMEORIGIN"]}}
{"level":"info","ts":1630290364.0914872,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"10.1.1.4:17262","proto":"HTTP/1.1","method":"GET","host":"xxx.udance.com.au","uri":"/favicon.ico","headers":{"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Dest":["image"],"Accept-Language":["en-US,en;q=0.9"],"Sec-Ch-Ua":["\"Chromium\";v=\"92\", \" Not A;Brand\";v=\"99\", \"Microsoft Edge\";v=\"92\""],"Sec-Fetch-Mode":["no-cors"],"X-Forwarded-For":["10.1.1.222"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Edg/92.0.902.84"],"Accept":["image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"],"Cookie":["wordpress_test_cookie=WP%20Cookie%20check"],"Referer":["https://xxx.udance.com.au/wp-login.php"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Site":["same-origin"],"X-Forwarded-Proto":["https"]}},"common_log":"10.1.1.4 - - [30/Aug/2021:10:26:04 +0800] \"GET /favicon.ico HTTP/1.1\" 302 0","duration":0.258119519,"size":0,"status":302,"resp_headers":{"Content-Type":["text/html; charset=UTF-8"],"Link":["<https://xxx.udance.com.au/wp-json/>; rel=\"https://api.w.org/\""],"X-Redirect-By":["WordPress"],"Location":["https://xxx.udance.com.au/wp-includes/images/w-logo-blue-white-bg.png"],"Status":["302 Found"],"X-Powered-By":["PHP/7.4.21"],"Server":["Caddy"]}}
In the first line in the headers, I see fields and values like "Cookie":["wordpress_test_cookie=WP%20Cookie%20check"] and "Cache-Control":["max-age=0"] and a "status":200. In the second line, I see "Referer":["https://xxx.udance.com.au/wp-login.php"], but I also see "status":302.
I append some code for testing handle_regexp in the Caddyfile.
:80 {
    log {
        output file /var/log/caddy/access.log
    }
    root * /usr/local/www/wordpress
    php_fastcgi 127.0.0.1:9000
    file_server
    @test header_regexp <field> <regexp>
    handle @test {
        respond @test "Match"
    }
    handle {
        respond "No match"
    }
}
Cookie
I set the matcher to look for the word cookie in the field Cookie.
@test header_regexp Cookie cookie
After reloading the Caddyfile, I access the login script again and get a match.
This time, I set the matcher to look for the word biscuit in the field Cookie.
@test header_regexp Cookie biscuit
I access the script again after reloading Caddyfile and I get no match. So far, it all works as expected.
Cache-Control
I repeat the exercise for the field Cache-Control, looking for the word max-age and then maxage, and get a match and no match as expected.
Referer
I repeat the exercise, but this time look for the word login in Referer.
@test header_regexp Referer login
This time I get a no match. I repeat for the words udance and http and even just the letter a and get the same result.
The main difference I’m seeing is that Referer doesn’t appear in the browser inspect screen and appears in the second line rather than the first line of the access log. I think this has something to do with why I’m not getting a match and why I’m not able to deny access to no referrer requests using the code below. The matcher is never activated.
@noreferrer header_regexp Referer https?://xxx\.udance\.com\.au/(wp-comments-posts|wp-login)\.php$
abort @noreferrer
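A way to check, offline and against the JSON access log itself, which logged requests a given header_regexp matcher would fire on, and which requests carry no such header at all. This is an added example, not code from the post or from the Caddy project; the two log entries are constructed (trimmed copies of the shape Caddy writes, with made-up values), and header_regexp() here is only an approximation of Caddy's matcher (unanchored, case-sensitive search over the header's values).

```python
import json
import re

# Constructed sample: two Caddy JSON access-log entries, trimmed to the fields
# this check needs. The shapes mirror what Caddy writes; the values are made up.
SAMPLE_LOG = r'''
{"level":"info","msg":"handled request","request":{"method":"GET","host":"xxx.udance.com.au","uri":"/wp-login.php","headers":{"Cookie":["wordpress_test_cookie=WP%20Cookie%20check"],"Cache-Control":["max-age=0"]}},"status":200}
{"level":"info","msg":"handled request","request":{"method":"GET","host":"xxx.udance.com.au","uri":"/favicon.ico","headers":{"Referer":["https://xxx.udance.com.au/wp-login.php"]}},"status":302}
'''


def parse_access_log(log_text):
    """Return one dict per non-empty line; lines that are not valid JSON are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            entries.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return entries


def header_values(entry, field):
    """Values of `field` on the logged request (header name compared case-insensitively),
    or [] when the request carried no such header."""
    headers = entry.get("request", {}).get("headers", {})
    for name, values in headers.items():
        if name.lower() == field.lower():
            return list(values)
    return []


def header_regexp(entry, field, pattern):
    """Approximation of Caddy's header_regexp matcher: an unanchored, case-sensitive
    regex search over the header's values. A request without the header never matches."""
    regex = re.compile(pattern)
    return any(regex.search(value) for value in header_values(entry, field))


def matching_requests(log_text, field, pattern):
    """URIs of the logged requests the matcher would fire on."""
    return [entry["request"]["uri"] for entry in parse_access_log(log_text)
            if header_regexp(entry, field, pattern)]


def requests_without_header(log_text, field):
    """URIs of the logged requests that carry no `field` header at all."""
    return [entry["request"]["uri"] for entry in parse_access_log(log_text)
            if not header_values(entry, field)]


if __name__ == "__main__":
    # The regex from the post's @noreferrer matcher, applied to the sample log.
    NOREFERRER = r"https?://xxx\.udance\.com\.au/(wp-comments-posts|wp-login)\.php$"
    for field, pattern in [("Cookie", "cookie"), ("Cookie", "biscuit"),
                           ("Cache-Control", "max-age"), ("Referer", "login"),
                           ("Referer", NOREFERRER)]:
        print(f"{field} ~ {pattern!r}: {matching_requests(SAMPLE_LOG, field, pattern)}")
    print("requests with no Referer header:", requests_without_header(SAMPLE_LOG, "Referer"))
```

Point the script at a real access.log (read the file into log_text) to see, per request line, whether a matcher can fire at all: a request that never sends the header in question is listed by requests_without_header() and will never appear in matching_requests(), whatever the regex.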