Nginx rules to Caddy

Winson · July 18, 2020, 10:55am

I tried to use rewrite to handle rules from Nginx to Caddy 2, When login to wp-admin with #5, I get broken link. How do you rewrite it Caddy?

#1 WordPress: allow TinyMCE
location = /wp-includes/js/tinymce/wp-tinymce.php {
        include nginxconfig.io/php_fastcgi.conf;
}

#2 WordPress: deny wp-content, wp-includes php files
location ~* ^/(?:wp-content|wp-includes)/.*\.php$ {
        deny all;
}

#3 WordPress: deny wp-content/uploads nasty stuff
location ~* ^/wp-content/uploads/.*\.(?:s?html?|php|js|swf)$ {
        deny all;
}

#4 WordPress: deny wp-content/plugins (except earlier rules)
location ~ ^/wp-content/plugins {
        deny all;
}

#5 WordPress: deny scripts and styles concat
location ~* \/wp-admin\/load-(?:scripts|styles)\.php {
        deny all;
}

#6 WordPress: deny general stuff
location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|wp-comments-post\.php|readme\.html|license\.txt)$ {
        deny all;
}

francislavoie · July 18, 2020, 12:17pm

What did you try so far? What’s your Caddyfile? You didn’t fill out the thread template.

I think you want to pair a path_regexp matcher with the respond directive to return a 403 response (equivalent of deny all – I don’t remember exactly if nginx returns a 403 on deny, but the effect should be the same).

Winson · July 19, 2020, 7:45am

Sorry for not filling up the template. I’m not sure how I could solve #4 and #5 when I see those Nginx generated rules use them with no issues. As far as I know they are request when the end user and admin access the site according to the devtool in Google Chrome.

#Nginx 1 WordPress: allow TinyMCE
location = /wp-includes/js/tinymce/wp-tinymce.php {
        include nginxconfig.io/php_fastcgi.conf;
}

#Caddy 1 WordPress: allow TinyMCE
#Ignore


#Nginx 2 WordPress: deny wp-content, wp-includes php files
location ~* ^/(?:wp-content|wp-includes)/.*\.php$ {
        deny all;
}

#Caddy 2 WordPress: deny wp-content, wp-includes php files
@cntinc path_regexp "^/(?:wp-content|wp-includes)/.*\.php$"
respond @cntinc 403


#Nginx 3 WordPress: deny wp-content/uploads nasty stuff
location ~* ^/wp-content/uploads/.*\.(?:s?html?|php|js|swf)$ {
        deny all;
}

#Caddy 3 WordPress: deny wp-content/uploads nasty stuff 
@upload path_regexp "^/wp-content/uploads/.*\.(?:s?html?|php|js|swf)$"
respond @upload 403


#Nginx 4 WordPress: deny wp-content/plugins (except earlier rules)
location ~ ^/wp-content/plugins {
        deny all;
}

#Broke public pages
#Caddy 4 WordPress: deny wp-content/plugins (except earlier rules)
@plugins path_regexp "^/wp-content/plugins"
respond @plugins 403


#Nginx 5 WordPress: deny scripts and styles concat
location ~* \/wp-admin\/load-(?:scripts|styles)\.php {
        deny all;
}

#Broke admin page
#Caddy 5 WordPress: deny scripts and styles concat
@ss path_regexp "/wp-admin/load-(?:scripts|styles).php"
respond @ss 403

#Nginx 6 WordPress: deny general stuff
location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|wp-comments-post\.php|readme\.html|license\.txt)$ {
        deny all;
}

#Caddy 6 WordPress: deny general stuff
@filess path_regexp "^/(?:xmlrpc.php|wp-links-opml.php|wp-config.php|wp-config-sample.php|wp-comments-posts.php|readme.html|license.txt)$"
respond @filess 403

system · August 17, 2020, 10:55am

This topic was automatically closed after 30 days. New replies are no longer allowed.