Query matcher using cel regex

1. Output of caddy version:

v2.5.2 h1:eCJdLyEyAGzuQTa5Mh3gETnYWDClo1LjtQm2q9RNZrs=

2. How I run Caddy:

docker compose

a. System environment:

docker

b. Command:

docker compose up -d

c. Service/unit/compose file:

# syntax = docker/dockerfile:1.2

ARG VERSION=2.5.2


FROM caddy:$VERSION-builder-alpine AS builder

RUN --mount=type=cache,target=/go/pkg/mod \
    xcaddy build \
    --with github.com/caddy-dns/cloudflare \
    --with github.com/mastercactapus/caddy2-proxyprotocol \
    --with github.com/mholt/caddy-ratelimit \
    --with github.com/greenpau/caddy-security


FROM caddy:$VERSION-alpine

RUN apk add --no-cache ca-certificates
COPY --from=builder /usr/bin/caddy /usr/bin/caddy

d. My complete Caddy config:

my.domain.sh {
   @allowed {
      expression `{query.redirect_url}[0].matches(r"^https:\/\/[^\/]+\.domain\.sh\/")`
   }
   respond @allowed "hello world"
   respond "Access denied" 403 
}

3. The problem I’m having:

I would like to configure caddy to only allow request with specific query param value and respond 403 otherwise.

4. Error messages and/or full log output:

Paste logs/commands/output here.
USE THE PREVIEW PANE TO MAKE SURE IT LOOKS NICELY FORMATTED.

5. What I already tried:

Browsing cel documentation, searching the forum,

6. Links to relevant resources:

What exactly is the problem? That config looks like it should work to me. What happens instead?

1 Like

ah sorry, the problem is when i send request to https://my.domain.sh/some/path?redirect_url=https://other.domain.sh, i got 403 instead of “hello world”

1 Like

solved it {query.redirect_url}.matches(r"^https:\/\/[^\/]+\.domain\.sh\/")

2 Likes