Introducing Caddy Defender

xstefen · January 15, 2025, 5:05am

Not my work. Is the result of a Reddit discussion earlier today. Call it self care

Caddy Defender Plugin
The Caddy Defender plugin is a middleware for Caddy that allows you to block or manipulate requests based on the client’s IP address. It is particularly useful for preventing unwanted traffic or polluting AI training data by returning garbage responses.

Features
IP Range Filtering: Block or manipulate requests from specific IP ranges.
Embedded IP Ranges: Predefined IP ranges for popular AI services (e.g., OpenAI, DeepSeek, GitHub Copilot).
Custom IP Ranges: Add your own IP ranges via Caddyfile configuration.
Multiple Responder Backends:
Block: Return a 403 Forbidden response.
Garbage: Return garbage data to pollute AI training.
Custom: Return a custom message.

Github
Reddit Inception

SpencerDub · January 15, 2025, 5:20am

This is an incredible feature. Thank you for sharing your work.

json · January 15, 2025, 5:41am

tysm! Still has a lot of room for improvement though

xstefen · January 15, 2025, 5:52am

~~Im working on a PR for fetching/parsing Azure Public Cloud right now~~ done

matt · January 15, 2025, 9:39pm

Amazing. I’ll share this too!

xstefen · January 15, 2025, 11:11pm

Thanks everyone. Any and all shares, stars, contributions, feedback is absolutely welcome. Work is being done and always room for improvement!

Again, all credit due goes to @json

ronix · January 21, 2025, 9:15am

I have created two modules that do something similar:

GitHub - mkalus/caddy_block_aws: Automatically block all calls from AWS servers in your Caddy server automatically blocks all requests from AWS ip blocks (both ipv4 and ipv6). I created this after being spammed by suspicious looking scanners from such IP ranges.
GitHub - mkalus/caddy_nobots_v2: Caddy v2 Server plugin to protect your website against web crawlers and bots can block requests based on user agent entries. Useful to block bots.

json · January 21, 2025, 2:27pm

Oo your block AWS plugin is super interesting.
I do have an AWS matching as well as specific region matching. But it looks like you’re IP matching library is a lot more efficient than mine, so I’m going to have to look into that library. Thank you!

ronix · January 21, 2025, 3:23pm

I used a tree structure for IPs for efficient range lookups. Have not really benchmarked it, but I looked at the code and it made sense to use byte range queries for IPs.

json · January 24, 2025, 8:45am

I’ve since updated my plugin to use an ART-based structure. specifically https://github.com/gaissmai/barts, some quick testing showed it to be a whole lot faster + the cache has been switched over to sturdyc.

tallguy · January 24, 2025, 8:01pm

Interesing, but you had a small typo in the link: GitHub - gaissmai/bart: The Balanced Routing Table is an adaptation of D. Knuth's ART algorithm and requires significantly less memory at comparable speed.

json · January 24, 2025, 11:56pm

Sorry, where’s the typo? I can’t find it lol. Mind submitting a PR to fix it or point it out. Thanks in advance!

xstefen · February 23, 2025, 10:04pm

@matt can ownership of this thread be given to @json ?

Also: tfw doing caddy research while on vpn:

You are blocked due to abuse. Speak with your ISP.

Love it

Thanks

matt · February 24, 2025, 7:42pm

We had to block a bunch of AS’es due to severe spam…

Hm, I’m not sure how to transfer topic ownership…

but we can link to a new topic started by @json and close this one?

json · February 25, 2025, 8:53pm

Ah it’s okay! I don’t mind if someone else owns the thread

xstefen · February 25, 2025, 9:18pm

This was shown while on Mullvad network, so not surprising