Match blocks help

Help
1

1. My Caddy version ( caddy version ):

v2 RC3

2. How I run Caddy:

./caddy2.0 run --config ./config2.1 --adapter caddyfile

a. System environment:

Linux Ubuntu 18.04.4 LTS

b. Command:

n/a

c. Service/unit/compose file:

paste full file contents here

d. My complete Caddyfile or JSON config:

{
    order basicauth before rewrite
}

x.x.x.x:7443 {
    reverse_proxy * localhost:5443 {
        header_up X-Real-IP {remote}
    }
    basicauth /* {
        monitor xxxxxxxx
        lindsey xxxxxxxx
    }
    respond /forbidden 403
    @monitor {
        expression {http.auth.user.id} == 'monitor'
        expression {method} != 'HEAD' || {uri} != '/'
    }
    rewrite @monitor /forbidden

    @lindsey {
         expression {http.auth.user.id} == 'lindsey'
         expression {uri} != '/' || {uri} != '/Videos/.*'
         #expression {uri} != '/' || ! {uri}.startsWith("/Videos/")
    }
    rewrite @lindsey /forbidden

}

3. The problem I’m having:

I’m not understanding why this is failing to work the way i’d like it to.

I have two sets of match blocks.

The first block is supposed to say for monitor only allow a HEAD method and the root URI. If it isn’t a HEAD method or if the uri isn’t the root rewrite to forbidden. If I only use that block, it works fine. It does what I need to in my testing.

@monitor {
    expression {http.auth.user.id} == 'monitor'
    expression {method} != 'HEAD' || {uri} != '/'
}
rewrite @monitor /forbidden

dell-rob:~/goproj$ curl -I  -u monitor:$PASS $URL:7443/
HTTP/2 200 
content-type: text/html; charset=utf-8
date: Wed, 22 Apr 2020 16:25:45 GMT
server: Caddy
content-length: 616

dell-rob:~/goproj$ curl -I  -u monitor:$PASS $URL:7443/apk/
HTTP/2 403 
server: Caddy
date: Wed, 22 Apr 2020 16:25:55 GMT

dell-rob:~/goproj$ curl -I -i -X PROPFIND  -u monitor:$PASS $URL:7443/Videos/
HTTP/2 403 
server: Caddy
content-length: 0
date: Wed, 22 Apr 2020 16:26:03 GMT

dell-rob:~/goproj$ curl -I -i -X PROPFIND  -u monitor:$PASS $URL:7443/
HTTP/2 403 
server: Caddy
content-length: 0
date: Wed, 22 Apr 2020 16:26:08 GMT

When I introduce the second block to the config, the first one (monitor) no longer works and neither does the second.

@monitor {
    expression {http.auth.user.id} == 'monitor'
    expression {method} != 'HEAD' || {uri} != '/'
}
rewrite @monitor /forbidden

@lindsey {
     expression {http.auth.user.id} == 'lindsey'
     expression {uri} != '/' || {uri} != '/Videos/.*'
     #expression {uri} != '/' || ! {uri}.startsWith("/Videos/")
}
rewrite @lindsey /forbidden

dell-rob:~/goproj$ curl -I  -u monitor:$PASS $URL:7443/
HTTP/2 403
server: Caddy
date: Wed, 22 Apr 2020 16:29:56 GMT

dell-rob:~/goproj$ curl -I  -u monitor:$PASS $URL:7443/apk/
HTTP/2 403 
server: Caddy
date: Wed, 22 Apr 2020 16:30:05 GMT

4. Error messages and/or full log output:

Shown above.

5. What I already tried:

Shown above.

2

I was able tto fix it. It seems to be related to using this syntax:

expression {uri} != ‘/’ || {uri} != ‘/Videos/.*’

I realized I can make it simple with
path / /Videos/*

and that seems to be working for me. I still don’t understand why I cant use the || though.

1 Like
3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.