1. Caddy version (caddy version): 2.3.0
2. How I run Caddy:
Behind a firewall, with ports 80 and 443 port forwarded
a. System environment:
Docker
b. Command:
c. Service/unit/compose file:
d. My complete Caddyfile or JSON config:
(homecert) {
    tls /root/starhemma.crt /root/starhemma.key
}
sonarr.hemma.lokal {
    @internal {
        remote_ip forwarded 192.168.0.0/16
    }
    handle @internal {
        reverse_proxy sonarr:8989
        import homecert
    }
    log {
        output file /tmp/sonarr.log
        level DEBUG
        format json
    }
    respond 403
}
3. The problem I’m having:
I expected requests made from 192.168.0.0/16 to go through, requests from other IPs should get the 403-error, but in the logfile I see this:
2021/08/18 13:26:18.099 info http.log.access.log0 handled request {"request": {"remote_addr": "1.1.1.1:41918", "proto": "HTTP/1.1", "method": "HEAD", "host": "sonarr.hemma.lokal", "uri": "/", "headers": {"User-Agent": ["curl/7.47.0"], "Accept": ["*/*"]}, "tls": {"resumed": false, "version": 771, "cipher_suite": 49196, "proto": "http/1.1", "proto_mutual": true, "server_name": "almstrom.org"}}, "common_log": "1.1.1.1 - - [18/Aug/2021:13:26:18 +0000] \"HEAD / HTTP/1.1\" 200 0", "duration": 0.003166562, "size": 0, "status": 200, "resp_headers": {"Date": ["Wed, 18 Aug 2021 13:26:18 GMT"], "Content-Length": ["0"], "Content-Type": ["text/html"], "Server": ["Caddy", "Mono-HTTPAPI/1.0"], "X-Ua-Compatible": ["IE=edge"], "Pragma": ["no-cache"], "Expires": ["0"], "X-Application-Version": ["3.0.6.1265"], "Cache-Control": ["no-cache, no-store, must-revalidate, max-age=0"]}}
So, the remote_addr line, which has been obfuscated, in the logfile shows that the request is coming from an IP outside the 192.168.0.0/16 range, but it still gives me a 200-response. I have tried with and without forwarded
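
An added example, not part of the original post: a small audit of the access log that lists requests whose TCP peer (`request.remote_addr`) lies outside 192.168.0.0/16 but which were not answered with 403, which is the condition described above. The sample lines are constructed (the first is modelled on the excerpt in the post), and the function names are this example's own.

```python
import ipaddress
import json

ALLOWED = ipaddress.ip_network("192.168.0.0/16")  # range from the @internal matcher

# Constructed sample lines; the first is modelled on the excerpt in the post.
SAMPLE = [
    '2021/08/18 13:26:18.099 info http.log.access.log0 handled request {"request": {"remote_addr": "1.1.1.1:41918", "method": "HEAD", "host": "sonarr.hemma.lokal", "uri": "/", "headers": {"User-Agent": ["curl/7.47.0"]}}, "status": 200}',
    '{"request": {"remote_addr": "192.168.1.20:50312", "method": "GET", "host": "sonarr.hemma.lokal", "uri": "/", "headers": {}}, "status": 200}',
    '{"request": {"remote_addr": "203.0.113.7:40000", "method": "GET", "host": "sonarr.hemma.lokal", "uri": "/", "headers": {"X-Forwarded-For": ["192.168.0.5"]}}, "status": 403}',
    'not a log line',
]

def parse_entry(line):
    """Return the JSON payload of an access-log line, or None if there is none."""
    start = line.find("{")  # console-style lines carry a text prefix before the JSON
    if start < 0:
        return None
    try:
        return json.loads(line[start:])
    except json.JSONDecodeError:
        return None

def peer_ip(remote_addr):
    """Parse 'host:port' or '[v6]:port' as logged in request.remote_addr."""
    return ipaddress.ip_address(remote_addr.rsplit(":", 1)[0].strip("[]"))

def policy_violations(lines, allowed=ALLOWED):
    """List requests whose TCP peer is outside `allowed` but were not answered 403."""
    found = []
    for line in lines:
        entry = parse_entry(line)
        if not isinstance(entry, dict) or "request" not in entry:
            continue
        req = entry["request"]
        try:
            ip = peer_ip(req["remote_addr"])
        except (KeyError, ValueError):
            continue  # malformed or missing address: nothing to judge
        if ip not in allowed and entry.get("status") != 403:
            # Record X-Forwarded-For too: `remote_ip forwarded` matches on it when present.
            xff = req.get("headers", {}).get("X-Forwarded-For")
            found.append({"ip": str(ip), "status": entry.get("status"),
                          "host": req.get("host"), "uri": req.get("uri"), "xff": xff})
    return found

if __name__ == "__main__":
    for violation in policy_violations(SAMPLE):
        print(violation)
```

To audit the real file, pass an open handle on /tmp/sonarr.log in place of `SAMPLE`.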