How to require headers for route?

Help
1

1. The problem I’m having:

I want to require an Authorization header for a route.

But I can’t match the route with this curl:

curl -H "Authorization: 123" http://localhost:8080/abc/
401 Not authorized abc

curl -H "Authorization: 123" http://localhost:8080/def/
401 Not authorized def

What am I doing wrong?

And is there a better way to write this config?

3. Caddy version:

v2.9.0-beta.2

d. My complete Caddy config:

:8080 {
	handle /abc/* {
		@rbac <<CEL
		(header({'Authorization': ['123']})) ||
		(header({'Authorization': ['234']}))
		CEL
		reverse_proxy @rbac {
			to server1:3000
		}
		respond "401 Not authorized abc" 401
	}
	handle /def/* {
		@def {
			header Authorization 123
		}
		reverse_proxy @def {
			to server1:3000
		}
		respond "401 Not authorized def" 401
	}
	handle {
		reverse_proxy {
			to server1:3000
		}
	}
}

5. Links to relevant resources:

2

Works for me:

:8881 {
	@rbac <<CEL
		header({'Authorization': ['123', '234']})
		CEL
	respond @rbac "OK"
	respond "NOT OK"
}

$ curl -H'Authorization: 1234' http://localhost:8881
NOT OK

$ curl -H'Authorization: 123' http://localhost:8881
OK
2 Likes
3

Oh your issue is with directive order: Caddyfile Directives — Caddy Documentation

respond has a higher directive order so it always gets sorted before reverse_proxy within the same context. You can wrap them in handle to control the order they run in. See the docs.

1 Like
4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.