How to Set up the Caddyfile so that the only domain can access my endpoint

Hi :slight_smile:

  1. Your reverse_proxy upstream (127.0.01 vs 127.0.0.1) is a bit odd (typo?), but will work just fine because of different IP representations (IP zero suppression and zero compression in this case).
    While it does work, I’d recommend changing it to 127.0.0.1 anyway.

  2. 2 of those 4 @namedMatcher are still equal. Prefixing the name of a @namedMatcher with not (@not_namedMatcher) will only change the name and nothing else.
    If you want @not_findprovs to not match the paths of @findprovs you would need to prefix the path with not:

      @findprovs {
          path /api/v0/dht/findprovs
          method POST
          header_regexp Referer (domainB)
      }
    
      @not_findprovs {
    -     path /api/v0/dht/findprovs
    +     not path /api/v0/dht/findprovs
          method POST
          header_regexp Referer (domainB)
      }
    

    But please see Request matchers (Caddyfile) — Caddy Documentation
    And as @francislavoie already wrote:

  3. @matt did an amazingly extensive explanation about directive order in Caddyfiles here:
    Composing in the Caddyfile
    I can assure you this will help you understand how matchers and ordering works!
    So please consider reading it and use some handle {}s and maybe post your new Caddyfile again, if you have any remaining questions :innocent:

  4. And relying on the referrer (Referer header) for any kind of security is an awful idea. Trivially easy to overcome as a “bad actor” and some browsers may not even send that header at all, which would render them incompatible with your site.
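A fuller Caddyfile that puts the `not` prefix from point 2 and the `handle {}` blocks from point 3 together, added here as an illustration; it is not part of the reply above or of the Caddy docs, and domainA.example, domainB and the upstream port 5001 are assumed placeholders:

```caddyfile
domainA.example {
    # Named matcher: all conditions inside the block are ANDed, so this
    # only matches a POST to the findprovs path whose Referer mentions domainB.
    @findprovs {
        path /api/v0/dht/findprovs
        method POST
        header_regexp Referer (domainB)
    }

    # Negated matcher: "not" flips the path condition, it is not part of the name.
    # This matches every request whose path is NOT the findprovs endpoint.
    @not_findprovs {
        not path /api/v0/dht/findprovs
    }

    # handle blocks are mutually exclusive: the first one whose matcher
    # matches is the only one evaluated, so the routing is explicit.
    handle @findprovs {
        reverse_proxy 127.0.0.1:5001   # assumed upstream port
    }

    handle @not_findprovs {
        respond "Not found" 404
    }

    # Everything left over: the findprovs path without POST or without the
    # expected Referer. Note the Referer check only shapes routing here; it is
    # not an access control, since any client can set that header freely.
    handle {
        respond "Forbidden" 403
    }
}
```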
