How to verify header for getting Successful Response

1. Caddy version (caddy version):

v2.2.0 h1:sMUFqTbVIRlmA8NkFnNt9l7s0e+0gw+7GPIrhty905A=

2. How I run Caddy:

a. System environment:

Ubuntu

b. Command:

Download Caddy using the following command:

wget https://github.com/caddyserver/caddy/releases/download/v2.2.0/caddy_2.2.0_linux_amd64.tar.gz

Untar Caddy.

tar xvzf caddy_2.2.0_linux_amd64.tar.gz

Move the caddy binary into /usr/local/bin/, for example:

sudo mv caddy /usr/local/bin/

Now let’s test reverse proxy with automatic HTTPS. Make sure to replace example.com with your domain name.

caddy reverse-proxy --from example.com --to 127.0.0.1:8080

After launching the the command, test in web-browser to access your domain. If it’s working, install the systemd service unit configuration file. Again, don’t forget to replace example.com for your domain name.

printf "[Unit]\nAfter=network.target\n\n[Service]\nLimitNOFILE=1048576\nExecStart=/usr/local/bin/caddy reverse-proxy --from example.com --to 127.0.0.1:8080\nRestart=always\nStartLimitInterval=600\n\n[Install]\nWantedBy=multi-user.target" | sudo tee /etc/systemd/system/caddy.service

And finally start Caddy:

systemctl start caddy

Also have the Caddy Server service start automatically on boot so you don’t have to start it manually:

systemctl enable caddy

c. Service/unit/compose file:

Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane.

d. My complete Caddyfile or JSON config:

example.com { reverse_proxy 127.0.0.1:8080
}
example.net { reverse_proxy 127.0.0.1:8080
}

3. The problem I’m having:

I have certain header let say “API-token : xyz1234” whenever the get request is made to above urls. I want to check that if this header is present in the request than the response is successfull & if not than it will give 403 error instead. I want to achive this through the Caddyfile. I want it for both of my urls. here is my simple request header

:authority: example.com
:method: GET
:path: /
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,hi;q=0.8
api-token: Little27.
cache-control: max-age=0
cookie: compact=false; session=JD6et6ZONU68uISaWs6nYANDUHr5q2Tkms0flYmIJIfw
referer: https://manager.rajatex.in/summary-view?FileID=UmFqYSBUZXg
sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91"
sec-ch-ua-mobile: ?0
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

4. Error messages and/or full log output:

root@localhost:~# caddy start
2021/07/17 18:59:05.747 INFO    using adjacent Caddyfile
run: adapting config using caddyfile: Caddyfile:6: unrecognized directive: if
start: caddy process exited with error: exit status 1
root@localhost:~#

5. What I already tried:

I tried like this something but it failed

rewrite {
    if {>api-token} not {"Little27."}
    to /forbidden
  }
  status 403 /forbidden

6. Links to relevant resources:

Please upgrade to the latest version, v2.4.3. Your version is quite old at this point.

Since you’re using Ubuntu, I strongly recommend following these instructions to install Caddy instead, since it will keep it up to date:

That’s not valid syntax in Caddy v2. That’s syntax from Caddy v1.

See the docs for the rewrite directive:

What you want to use though is to use a header matcher paired with the respond directive to do what you want:

@hasApiToken header !Api-Token
respond @hasApiToken 403

Hey
thanks for you help but I achieved this through…

example.com {

        @apirequests {
                header X-Auth-token test123
        }

        route {
                reverse_proxy @apirequests localhost:5000
                respond "No soup for you!"
        }
}

You can simplify somewhat by inverting the logic:

example.com {
  @unauthorized not header X-Auth-Token "test123"
  respond @unauthorized "No soup for you!"
  reverse_proxy localhost:5000
}
3 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.