Possible to filter IP via X-Forwarded-For to bypass basic auth when using Cloudflare?

Caddy version (caddy version):

2.5.1

System environment:

Win11

My snippet/part of the Caddyfile:

	@notLocal {
		not remote_ip 192.168.1.0/24
	}
	basicauth @notLocal {
		username password	
	}

What I already tried:

I have the header at the top

	header X-Forwarded-For {http.request.header.CF-Connecting-IP}

I tried

	@notLocal {
		not X-Forwarded-For IP_HERE
	}
	basicauth @notLocal {
		username password	
	}

But it won't start with this; I'm not sure if it's even supported this way.

The X-Forwarded-For I can only find via request>headers>X-Forwarded-For when logging, but I'm not sure if that has to do with anything.

Yeah, it’s in the docs; if you use forwarded as the first arg to remote_ip, it looks at the XFF header.


OK, I think I had to re-read it since I did not understand it correctly then.

I thought you had to leave out remote_ip?

This should work correctly, right?

	@notLocal {
		not remote_ip forwarded IP_HERE
	}

forwarded is an argument to the remote_ip matcher, telling it to change how it behaves.

Yes you got it right, but you can shorten it, FYI:

	@notLocal not remote_ip forwarded <ip>
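An added example, not part of the thread and not Caddy's code: a Python model of the reference-IP choice behind `remote_ip forwarded` (the first X-Forwarded-For entry is preferred over the peer), next to a stricter variant that honors the header only when the peer is a trusted proxy and reads it right to left. The proxy range, the sample requests and all function names are constructed for illustration.

```python
import ipaddress

LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # range from the thread
# Assumption: constructed documentation range, not a real proxy/CDN range.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]


def _ip(text):
    """Parse one address; return None for anything malformed."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def forwarded_first(peer, xff):
    """Model: first X-Forwarded-For entry, if present, else the peer."""
    first = _ip(xff.split(",")[0]) if xff else None
    return first if first is not None else ipaddress.ip_address(peer)


def trusted_client_ip(peer, xff, trusted=TRUSTED_PROXIES):
    """Honor the header only from a trusted peer, reading right to left."""
    peer_ip = ipaddress.ip_address(peer)
    if not any(peer_ip in net for net in trusted):
        return peer_ip  # direct connection: header ignored
    for part in reversed((xff or "").split(",")):
        ip = _ip(part)
        if ip is None:
            return peer_ip  # malformed chain: fail closed
        if not any(ip in net for net in trusted):
            return ip  # rightmost entry that is not one of our proxies
    return peer_ip


def needs_basic_auth(ip):
    """Same decision as `@notLocal`: prompt unless the IP is in LOCAL_NET."""
    return ip not in LOCAL_NET


def compare(peer, xff):
    """(auth needed with first-entry rule, auth needed with trusted-proxy rule)."""
    return (needs_basic_auth(forwarded_first(peer, xff)),
            needs_basic_auth(trusted_client_ip(peer, xff)))


if __name__ == "__main__":
    # Constructed sample requests: (peer address, X-Forwarded-For value)
    for req in [("192.168.1.50", None), ("203.0.113.10", "198.51.100.7"),
                ("203.0.113.10", "192.168.1.5, 198.51.100.7")]:
        print(req, compare(*req))
```

The two rules agree on the first two sample requests and differ on the third, where the leftmost header entry was not written by the proxy.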