"Passing through" original IPs?

My Caddy version:

My Caddyfile:

my.domain.com {
proxy / {

tls my@email.com

log stdout
errors stderr


System environment:
Ubuntu 18.04 LTS

The problem I’m having:

For the Webserver behind caddy it seems like all requests would originate from caddy instead of the original WAN-IP of the source. Therefore, caddy often gets banned for bruteforce instead of the source of the attacks.
Is there a way to “pass-through” the original IP?

Hi @Tenou, welcome to the Caddy community!

You’re already doing it with transparent.

That preset adds the following (among other things):

header_upstream X-Real-IP {remote}
header_upstream X-Forwarded-For {remote}

So tell your app to look for the contents of either the X-Real-IP header or the X-Forwarded-For header, and you’ll have your originating IP.

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.