Is it possible to combine a rewrite and a conditional proxy?

(WoJ) #1

I use caddy to proxify traffic to docker containers and would like to restrict access based on IPs. I cannot use plugins, so the optimal way would be to conditionally rewrite to a proxy

if {remote} starts_with 192.168 then proxy / x.x.x.x

The else does not matter, provided the traffic is not sent to x.x.x.x.

Is this something possible to do?

(Matthew Fay) #2

It’s not too difficult. You were pretty close to the mark in the other post that you deleted.

There’s two ways about it:

A) Proxy by default, forbidding bad clients

proxy / upstream
rewrite {
  if {remote} not_starts_with 192.168
  to /forbidden
}
status 403 /forbidden

B) Do something else by default (e.g. serve files), but proxy good clients:

root /var/www/html
rewrite {
  if {remote} starts_with 192.168
  to /proxy
}
proxy /proxy upstream {
  without /proxy
}
1 Like
(Matt Holt) #3

FYI, this is much easier (and makes way more sense) in Caddy 2.

(WoJ) #4

@matt Thank you - I will have a closer look to Caddy 2 now that I have deployed it successfully on my home servers.