Does Caddy have some kind of WAF?

does Caddy have some kind of WAF or some way to protect Meteor.js Node/MongoDB app that is behind Caddy proxy?

Logs for current problem are here:

Currently I have this config. http/1.1 if for compatibility with Firefox inspect console, that only supports http/1.1 {
	tls {
	    alpn http/1.1
	proxy / localhost:3001 {
1 Like

Hi @xet7,

Caddy itself is not a WAF. I’d guess that WAF-like behaviours could be implemented easily as a plugin, though.

Plugins like clamav scan (file uploads, downloads if used as forward proxy) or something like mod_security would be nice.
Any plans to do that? First step a clamav plugin would be really nice!

Hi @pwFoo, don’t think there’s any plans for this.

With v2 development still going ahead full steam, it isn’t likely to go on the docket for v1. You could open an issue on the Github requesting this as a feature in v2 though, see if you can get some interest.


That’s correct.

I definitely want to see a WAF app for Caddy 2.


I hope so too!. WAF would be expected for PCI compliance and “enterprise readiness”. Unfortunately I am not a plugin writer. :frowning: