1. Caddy version (caddy version): v2.1.1 h1:X9k1+ehZPYYrSqBvf/ocUgdLSRIuiNiMo7CvyGUQKeA= 2. How I run Caddy: a. System environment: Ubuntu 20.04.2 b. Command: paste command here c. Service/unit/compose file: [Unit] Description=Caddy Documentation=https://caddyserver.com/docs/ After=syste…

Confirming this is behaving correctly (can’t bypass a match with X-Forwarded-For) in v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=

Filtering allowed hosts / IPs - Host header allows firewall bypass

Help

voltagex (Adam Baxter) March 14, 2021, 6:04am 2

I tried this, with @not_local_ip not remote_ip 127.0.0.1/32, but it seems like there’s an issue there in that I can bypass this with an X-Forwarded-For header!