1. My Caddy version (caddy version):
v2 RC3
2. How I run Caddy:
./caddy2.0 run --config ./config2.1 --adapter caddyfile
a. System environment:
Linux Ubuntu 18.04.4 LTS
b. Command:
n/a
c. Service/unit/compose file:
paste full file contents here
d. My complete Caddyfile or JSON config:
{
    order basicauth before rewrite
}
x.x.x.x:7443 {
    reverse_proxy * localhost:5443 {
        header_up X-Real-IP {remote}
    }
    basicauth /* {
        monitor xxxxxxxx
        lindsey xxxxxxxx
    }
    respond /forbidden 403
    @monitor {
        expression {http.auth.user.id} == 'monitor'
        expression {method} != 'HEAD' || {uri} != '/'
    }
    rewrite @monitor /forbidden
    @lindsey {
        expression {http.auth.user.id} == 'lindsey'
        expression {uri} != '/' || {uri} != '/Videos/.*'
        #expression {uri} != '/' || ! {uri}.startsWith("/Videos/")
    }
    rewrite @lindsey /forbidden
}
3. The problem I’m having:
I’m not understanding why this is failing to work the way I’d like it to.
I have two sets of match blocks.
The first block is supposed to say: for monitor, only allow a HEAD method and the root URI. If it isn’t a HEAD method or if the URI isn’t the root, rewrite to forbidden. If I only use that block, it works fine. It does what I need it to in my testing.
@monitor {
    expression {http.auth.user.id} == 'monitor'
    expression {method} != 'HEAD' || {uri} != '/'
}
rewrite @monitor /forbidden
dell-rob:~/goproj$ curl -I -u monitor:$PASS $URL:7443/
HTTP/2 200
content-type: text/html; charset=utf-8
date: Wed, 22 Apr 2020 16:25:45 GMT
server: Caddy
content-length: 616
dell-rob:~/goproj$ curl -I -u monitor:$PASS $URL:7443/apk/
HTTP/2 403
server: Caddy
date: Wed, 22 Apr 2020 16:25:55 GMT
dell-rob:~/goproj$ curl -I -i -X PROPFIND -u monitor:$PASS $URL:7443/Videos/
HTTP/2 403
server: Caddy
content-length: 0
date: Wed, 22 Apr 2020 16:26:03 GMT
dell-rob:~/goproj$ curl -I -i -X PROPFIND -u monitor:$PASS $URL:7443/
HTTP/2 403
server: Caddy
content-length: 0
date: Wed, 22 Apr 2020 16:26:08 GMT
When I introduce the second block to the config, the first one (monitor) no longer works and neither does the second.
@monitor {
    expression {http.auth.user.id} == 'monitor'
    expression {method} != 'HEAD' || {uri} != '/'
}
rewrite @monitor /forbidden
@lindsey {
    expression {http.auth.user.id} == 'lindsey'
    expression {uri} != '/' || {uri} != '/Videos/.*'
    #expression {uri} != '/' || ! {uri}.startsWith("/Videos/")
}
rewrite @lindsey /forbidden
dell-rob:~/goproj$ curl -I -u monitor:$PASS $URL:7443/
HTTP/2 403
server: Caddy
date: Wed, 22 Apr 2020 16:29:56 GMT
dell-rob:~/goproj$ curl -I -u monitor:$PASS $URL:7443/apk/
HTTP/2 403
server: Caddy
date: Wed, 22 Apr 2020 16:30:05 GMT
4. Error messages and/or full log output:
Shown above.
5. What I already tried:
Shown above.
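
Added example (not part of the original post): the `expression` lines above modelled as plain Python predicates, to check which requests each deny rule lets through and to show the lindsey rule rewritten with De Morgan's law. It assumes `!=` compares the URI as a literal string and does not model how Caddy combines the two `expression` lines inside one matcher; the sample requests and function names are constructed for illustration.

```python
"""Added example: the post's `expression` lines as plain predicates."""
from itertools import product

# Constructed sample requests (not taken from the post's output).
METHODS = ["HEAD", "GET", "PROPFIND"]
URIS = ["/", "/apk/", "/Videos/", "/Videos/a.mkv", "/Videos/.*"]


def monitor_deny(method, uri):
    # {method} != 'HEAD' || {uri} != '/'   (as posted)
    # Correct negation of "method == HEAD and uri == '/'".
    return method != "HEAD" or uri != "/"


def lindsey_deny_posted(uri):
    # {uri} != '/' || {uri} != '/Videos/.*'   (as posted)
    # Assumption: `!=` is a literal string comparison, so '/Videos/.*'
    # is not a pattern. No URI can equal both literals at once.
    return uri != "/" or uri != "/Videos/.*"


def lindsey_deny_commented(uri):
    # {uri} != '/' || ! {uri}.startsWith("/Videos/")   (commented-out line)
    return uri != "/" or not uri.startswith("/Videos/")


def lindsey_deny_fixed(uri):
    # Deny = NOT(allowed). De Morgan: NOT(a OR b) == (NOT a) AND (NOT b).
    return uri != "/" and not uri.startswith("/Videos/")


def allowed(deny, *arg_lists):
    """Return the argument tuples for which the deny predicate is False."""
    return [args for args in product(*arg_lists) if not deny(*args)]


if __name__ == "__main__":
    print("monitor allowed:          ", allowed(monitor_deny, METHODS, URIS))
    print("lindsey allowed (posted): ", allowed(lindsey_deny_posted, URIS))
    print("lindsey allowed (comment):", allowed(lindsey_deny_commented, URIS))
    print("lindsey allowed (fixed):  ", allowed(lindsey_deny_fixed, URIS))
```

Both lindsey variants from the post are true for every URI, so a rewrite guarded by that line alone sends every request to `/forbidden`; only the `and` form leaves `/` and `/Videos/...` reachable.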