1. Caddy version (caddy version
):
v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=
2. How I run Caddy:
Docker image caddy:2.4.3
System environment:
Docker
Service/unit/compose file:
version: '3'
services:
web:
build: .
# ...
caddy:
image: caddy:2.4.3
volumes:
- ./docker/caddy/Caddyfile:/etc/caddy/Caddyfile
- ./files/media:/data/media
- ./files/static:/data/static
- ./files/caddy:/data/caddy
ports:
- "80:80"
depends_on:
- web
d. My complete Caddyfile or JSON config:
http://example.com {
@denied path_regexp .+\.scss
handle @denied {
error 403
}
handle_path /media/* {
root * /data/media
file_server
}
handle_path /static/* {
root * /data/static
file_server
}
handle {
reverse_proxy web:8080
}
}
3. The problem I’m having:
My webserver is behind Caddyserver, and some static files serve in the /static/
and /media/
directory.
Meanwhile some sensitive files are also putted in the /static/
directory, like /static/css/app.scss
, I have to block them, so I write something like that:
@denied path_regexp .+\.scss
handle @denied {
error 403
}
If I request http://example.com/other/path/app.scss
, a “403 Forbidden” is returned, it is my expected result.
But if I request http://example.com/static/css/app.scss
, the file app.scss
is returned as usual.
I think the order of handle
directive is confused.
I tried another solution, putting the error
directive into the static handler:
http://example.com {
@denied path_regexp .+\.scss
handle_path /media/* {
root * /data/media
file_server
}
handle_path /static/* {
error @denied 403
root * /data/static
file_server
}
handle {
reverse_proxy web:8077
}
}
It didn’t work either.
So how can I solve this problem? Thank you!