Hi @jfirestorm44,
First - a note on terminology. Generally when speaking in the context of web technologies, when you say “remote”, it means “any other host than the server itself”.
So your router is “remote” from your server. Internal / external network is the terminology you’re probably looking for.
So, you’re trying to deny external access. Are you trying to allow some sites to be externally available while others are only internally available?
If so, you can - within each site that should only be internal - check to make sure the remote IP address is coming from a private IP range. This is a quick and easy way to check it’s being accessed internally.
There’s a matcher that does this - remote_ip: Request matchers (Caddyfile) — Caddy Documentation
What you want to do is set up a matcher with the CIDR ranges for your LAN, and then handle or route those requests properly. Leave unmatched requests either unrouted or respond explicitly with some kind of denial, like a 403 Forbidden.
example.com {
@internal {
remote_ip 192.168.0.0/16
}
handle @internal {
reverse_proxy 127.0.0.1:9000
}
respond 403
}