I have already looked at header_regexp and searched for examples, and could not find any example of how it can be done by blocking any but 1 or 2 as whitelist.
Well, it depends what you’re trying to do with the matcher. You said “how to block”, and the answer to that is to negate the matcher and then do something like abort or error or respond "Nope" 403 with that.
It’s just like an if/else block. You need to decide if you want the “happy path” to be in the if or in the else.
I tested with curl and by manually going to the URL. With not present, both included names are blocked and everything else is accepted as user-agents; removing not blocks everything but allows TestName1*|TestName2* to bypass, which is what I want. Am I doing something wrong?
What I’m trying to say is that for me it works the opposite of what you are writing it should do.
Conf
{
    http_port 680
    https_port 643
}
:80 {
    encode gzip
    log {
        format transform [{ts}] - User={user_id} - X-Forwarded-For={request>headers>X-Forwarded-For} - remote_ip={request>remote_ip} Country={request>headers>Cf-Ipcountry} {request>method} {request>headers>X-Forwarded-Proto} {request>host} {request>uri} {request>headers>Referer>[0]} {request>headers>User-Agent>[0]} - {request>proto} {status} {size} - {
            #{request>headers} <--- add this if you want full log
            time_format "02/Jan/2006 15:04:05 -0700"
        }
        output file C:\Users\wazer\Desktop\caddy\logs\localhost.log {
            roll true # Rotate logs, enabled by default
            roll_size_mb 5 # Set max size 5 MB
            roll_gzip true # Whether to compress rolled files
            #roll_local_time true # Use localhost time
            roll_keep 2 # Keep at most 2 log files
            roll_keep_days 7 # Keep log files for 7 days
        }
    }
    @blocked header_regexp User-Agent TestName1*|TestName2*
    abort @blocked
    handle @blocked {
        handle_path /test {
            root * C:\Users\wazer\Desktop\caddy\test.txt
            file_server browse
        }
    }
    handle @blocked {
        reverse_proxy ip:port {
        }
        @notLocal {
            not remote_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.1/8
        }
        basicauth @notLocal {
            USER PASS
        }
    }
}
$ curl -H'User-Agent: TestName1' http://localhost:8883
Hello
$ curl -H'User-Agent: aaa' http://localhost:8883
curl: (52) Empty reply from server
FWIW, I’m not sure your regexp does what you expect. TestName1* means “TestName followed by zero or more 1 characters”. You probably mean to do TestName1.* or something to that effect. But I digress.
How do I do that correctly? My brain is malfunctioning right now, because I’m so confused.
Adding it above root * C:\Users\wazer\Desktop\caddy\works.txt from my user config will say empty to wrong user agent now, but it won’t output anything from allowed user agent, will show Content-Length: 0.
Be ignored when you are on the same network, like the basicAuth, so it’s only on the outside/external IP restrictions is for both basicauth and user-agent block.
Okay, now the user-agent is working as you say, but now the basicauth is no longer working as it did before; I now have to remove “not” from remote_ip to let it allow to bypass basicauth when on same local network.
And by that, how would I add bypass to the not header_regexp when on same local network too?
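The allow/deny decision discussed in this thread, as an added example that is not part of the original posts and is not Caddy's code: header_regexp uses Go's regexp package and matches unanchored, so this Go sketch compares the posted pattern with an anchored one and combines it with the local-range bypass asked about above. The names `Allowed`, `isLocal` and `anchored`, the anchored pattern itself, and the sample address are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"regexp"
)

// Pattern as posted: "1*" means zero or more "1", and the match is
// unanchored, so any User-Agent containing "TestName" matches.
var posted = regexp.MustCompile(`TestName1*|TestName2*`)

// Assumed stricter form (not from the thread): anchored, explicit names.
var anchored = regexp.MustCompile(`^(TestName1|TestName2)`)

// Ranges from the thread's remote_ip matcher (127.0.0.1/8 written as its network).
var local = []netip.Prefix{
	netip.MustParsePrefix("192.168.0.0/16"),
	netip.MustParsePrefix("172.16.0.0/12"),
	netip.MustParsePrefix("10.0.0.0/8"),
	netip.MustParsePrefix("127.0.0.0/8"),
}

// isLocal reports whether ip parses and falls in one of the local ranges.
func isLocal(ip string) bool {
	addr, err := netip.ParseAddr(ip)
	if err != nil {
		return false // unparsable address is treated as external
	}
	for _, p := range local {
		if p.Contains(addr) {
			return true
		}
	}
	return false
}

// Allowed models "abort unless the client is local OR its User-Agent matches re".
func Allowed(re *regexp.Regexp, remoteIP, userAgent string) bool {
	return isLocal(remoteIP) || re.MatchString(userAgent)
}

func main() {
	ext := "203.0.113.7" // constructed external address (documentation range)
	for _, ua := range []string{"TestName1", "TestName9", "xTestName", "curl/8.0"} {
		fmt.Printf("%-10s posted=%v anchored=%v\n", ua, Allowed(posted, ext, ua), Allowed(anchored, ext, ua))
	}
}
```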