How do you blacklist in the Windows version

1. Caddy version: 2.0.0

2. How I run Caddy:

    cd C:\caddy
    caddy run

a. System environment:

Windows 10 Pro x64 (Up to date)

b. Command: What command?

c. Service/unit/compose file: I don’t know what these are, sorry.

d. My complete Caddyfile or JSON config:

{
	email example@protonmail.com
}
libflix.ddns.net {
	encode gzip
	log {
		output file C:\caddy\logs\jellyfin.log {
			roll true             # Rotate logs, enabled by default
			roll_size_mb 5        # Set max size 5 MB
			roll_gzip true        # Whether to compress rolled files
			roll_local_time true  # Use localhost time
			roll_keep 2           # Keep at most 2 log files
			roll_keep_days 7      # Keep log files for 7 days
		}
	}
	reverse_proxy localhost:8096
}
# Edit 05/06/20 Remove Empty Brackets, Change logging format, and added Email portion. Commented out email portion for now
# Edit 05/07/20 Removed Email portion. Adding an optional part in the guide for it.

3. The problem I’m having:

The video stream stops randomly; I think it may be related to the amount of unsolicited traffic.
I am getting “no certificate available for” TLS handshake errors for tens of thousands of different sequential IP addresses from the sites events.gfe.nvidia.com and watson.telemetry.microsoft.com. The Microsoft site gives me two other errors immediately after: “tls: client offered only unsupported versions: [301]” and “tls: client offered only unsupported versions:

4. Error messages and/or full log output:

The pictures below show them. The errors aren’t in the log. I searched nvidia, watson, etc. and nothing came up. The full log is too large to post.

5. What I already tried:

I tried to see if I could install ipfilter, but that's not for Caddy in Windows. I tried to get an SSL certification to see if that would change anything, but I don't think that can be easily accomplished in Windows either. I found different commands for blacklisting like the one below, but I doubt it would work without ipfilter, and even if it did, it doesn’t seem like there’s enough detail in that thread for me to configure it correctly (this is how to proxy the non-blacklisted, but where is the blacklist itself?)

# Proxy non blacklisted
example.com {
  @notblacklisted {
    not {
      path /bar* /blacklisted* /denied*
    }
  }

  reverse_proxy @notblacklisted 127.0.0.1
}

6. Links to relevant resources:

https://caddyserver.com/v1/docs/http.ipfilter


All modules and plugins work cross-platform. ipfilter, though, is a v1 plugin, not a v2 module.

You can get similar results from using a matcher and a responder in v2, though.

Request matchers (Caddyfile) — Caddy Documentation
respond (Caddyfile directive) — Caddy Documentation

This won’t entirely solve DOS-level traffic issues, though - all this is doing is telling Caddy how to respond to it. If you need to stop that traffic before it reaches Caddy and consumes all of your resources, you might want to firewall it instead.
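
The matcher-plus-responder approach mentioned in the reply above, written out as an added example (it is not from either poster or from the Caddy project). It uses the v2 `remote_ip` matcher and the `respond` directive on the site block from the question; the address ranges are constructed placeholders from the documentation-reserved blocks, not addresses taken from this thread.

```caddyfile
libflix.ddns.net {
	encode gzip

	# Named matcher: true when the client's address falls in any listed
	# range. These ranges are placeholders; substitute the ones to block.
	@blocked remote_ip 203.0.113.0/24 198.51.100.0/24

	# respond is ordered before reverse_proxy, so matched clients get a
	# 403 and the connection is closed without contacting the backend.
	respond @blocked "Forbidden" 403 {
		close
	}

	# Everything that did not match @blocked is proxied as before.
	reverse_proxy localhost:8096
}
```

Matchers are evaluated on HTTP requests, which exist only after the TLS handshake has completed, so handshake failures such as “no certificate available for” never reach `@blocked` and have to be dropped at the firewall.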
