bhaal85
(Bhaal85)
June 2, 2019, 9:30am
1
Hello
I can’t install / configure the http.filter plugin correctly in order to make only some sites available locally.
I used https://getcaddy.com/ and passed http.filter as a plugin parameter.
The list of plugins is installed:
./caddy -plugins:
Server types:
http
Caddyfile loaders:
short
flag
default
Other plugins:
http.basicauth
http.bind
http.browse
http.errors
http.expvar
http.ext
http.fastcgi
http.filter
http.gzip
http.header
http.index
http.internal
http.limits
http.log
http.markdown
http.mime
http.pprof
http.proxy
http.push
http.redir
http.request_id
http.rewrite
http.root
http.status
http.templates
http.timeouts
http.websocket
on
tls
tls.cluster.file`
My configuration file:
mysite:123 {
proxy / localhost:123 {
websocket
transparent
}
ipfilter / {
rule allow
ip 127.0.0.1
}
}
When I try to start caddy I get the error:
no action found for directive 'ipfilter' with server type 'http' (missing a plugin?)
What am I doing wrong?
Thank you
Hi @bhaal85 , welcome to the Caddy community!
Note that http.filter
plugin is different to http.ipfilter
. You’ll need to download Caddy with the latter, not the former.
bhaal85
(Bhaal85)
June 2, 2019, 7:30pm
3
Hello
thanks for your help, I managed to install http.ipfilter correctly and everything works.
I couldn’t solve my problem completely, maybe http.ipfilter is not for me.
I explain my problem:
I have three hosts
https://aaa.xxx.com :pppp
https://bbb.xxx.com :pppp
https://ccc.xxx.com :pppp
I would like to make sure that only https://aaa.xxx.com :pppp is visible from the outside.
In https://aaa.xxx.com :pppp there are iframes that point to https://bbb.xxx.com :pppp and https://ccc.xxx.com :pppp
If I don’t use http.ipfilter https://bbb.xxx.com and https://ccc.xxx.com they are visible from the outside.
If I use http.ipfilter inserting
ipfilter / {
rule allow
ip 127.0.0.1 192.168.0.201
}
https://bbb.xxx.com :pppp and https://cc.xxx.com :pppp are not reachable from the outside (403) but not from https://aaa.xxx.com :pppp
If I use different ports for https://bbb.xxx.com :dddd and https://ccc.xxx.com :dddd I get the error (421) when using iframes
Is there any configuration I can use with Caddy to solve this problem?
Thanks again
This is essentially expected behaviour for ipfilter. iframes won’t get around the block. If you’re not on the whitelist, you can’t load it.
What, exactly, are you trying to achieve?
b2c
(b2c)
June 3, 2019, 4:16am
5
I guess @bhaal85 is trying to block 2 hosts(bbb & ccc ) from accessing directly but only from a parent(aaa ) iframe/html.
Add headers in child hosts(bbb & ccc );
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-Frame-Options: ALLOW-FROM https://aaa.xxx.com:pppp
https://caddyserver.com/docs/header
This will block others from loading them inside an iframe.
Add few lines of Javascript in child hosts index page;
if (window == window.top) { // if not iframe
window.location.href = "404.html";
}
This will allow your child hosts index page to load inside an iframe only .
This is not a full proof scenario but will protect from most users. You better use rest-api instead of iframe .
1 Like
system
(system)
Closed
September 1, 2019, 4:29am
6
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.