1. The problem I’m having:
I’m not sure whether I configured my rate limiter the right way. I want to rate limit only the login page, and this is my current config block from my Caddyfile. Is this the right approach?
How would I be able to test the rate limiter anyway?
Thank you!
2. Error messages and/or full log output:
No error messages
3. Caddy version:
2.9.1
4. How I installed and ran Caddy:
Inside LXC on proxmox
a. System environment:
b. Command:
c. Service/unit/compose file:
d. My complete Caddy config:
```
*.repina.eu {
	tls /etc/caddy/certs/cert.pem /etc/caddy/certs/cert.key
	header -Server
	header {
		# This tells the client to store responses for one week.
		Cache-Control max-age=604800
		# Set the referrer policy to send the origin only when making cross-origin requests.
		Referrer-Policy origin-when-cross-origin
		# Enable HSTS (HTTP Strict Transport Security) to force HTTPS for one year including subdomains.
		Strict-Transport-Security max-age=31536000 includeSubDomains
	}

	@ha host ha.repina.eu
	handle @ha {
		reverse_proxy 192.168.x.x:x
		header {
			# This will deny website access to the listed hardware features for security purposes.
			Permissions-Policy autoplay=(), midi=()
			# Block XSS attacks to some degree using a report-only CSP.
			Content-Security-Policy-Report-Only "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: basemaps.cartocdn.com brands.home-assistant.io; font-src 'self'; connect-src 'self' raw.githubusercontent.com; upgrade-insecure-requests;"
		}

		# rate_limit is provided by the caddy-ratelimit plugin. As a non-standard
		# directive it must be placed in the handler chain, either with an
		# `order rate_limit before basic_auth` line in the global options block
		# or by wrapping it in a `route` block; the Caddyfile's textual order alone
		# does not put it in front of reverse_proxy.
		# The path matcher limits the zone to the login endpoint only; the zone
		# allows 20 requests per client IP in any 10-second window.
		rate_limit /auth/authorize* {
			# distributed # only needed if multiple caddy instances
			zone limit_by_ip {
				key {remote_host}
				events 20
				window 10s
			}
		}
	}
}
```
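The question of how to test the zone is easiest to answer by first stating what `events 20` / `window 10s` keyed on `{remote_host}` should produce, then measuring a deployment against that expectation. The script below is an added example and is not part of the post or of the caddy-ratelimit project: it models a per-IP sliding-window limiter with the post's parameters (the sliding-log model is an assumption about the plugin's internals; only the observable allow/deny sequence is compared), and provides a `probe` helper that sends back-to-back requests to a URL and records the status codes. The client IP `203.0.113.7` and the commented-out URL are constructed placeholders.

```python
"""Model a per-client sliding-window rate limit (events N per window W)
and probe a deployment to see where it starts returning 429."""
from collections import Counter, deque
import urllib.error
import urllib.request


class SlidingWindowLimiter:
    """Sliding-log limiter: at most `events` hits per key inside `window` seconds.
    Assumed equivalent to the zone semantics in the post; this is a model,
    not the plugin's code."""

    def __init__(self, events, window):
        self.events = events
        self.window = float(window)
        self._log = {}  # key -> deque of hit timestamps (seconds)

    def allow(self, key, now):
        log = self._log.setdefault(key, deque())
        # Drop hits that have aged out of the window.
        while log and now - log[0] >= self.window:
            log.popleft()
        if len(log) >= self.events:
            return False  # would map to HTTP 429 in Caddy
        log.append(now)
        return True


def simulate(events, window, count, key="203.0.113.7"):
    """Replay `count` instant requests from one constructed client IP and
    return the status codes a correctly configured zone would yield."""
    limiter = SlidingWindowLimiter(events, window)
    return [200 if limiter.allow(key, 0.0) else 429 for _ in range(count)]


def fetch_status(url):
    """Issue one GET and return the HTTP status, including 4xx/5xx codes."""
    req = urllib.request.Request(url, headers={"User-Agent": "rate-limit-check"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code


def probe(url, count, sender=fetch_status):
    """Send `count` back-to-back requests; `sender` is injectable so the
    bookkeeping can be exercised without a network."""
    return [sender(url) for _ in range(count)]


def first_limited(statuses):
    """Index of the first 429 in the sequence, or None if the limiter never engaged."""
    for i, code in enumerate(statuses):
        if code == 429:
            return i
    return None


if __name__ == "__main__":
    expected = simulate(20, 10.0, 25)
    print("model:", dict(Counter(expected)), "first 429 at", first_limited(expected))
    # Against a real deployment (placeholder URL), the first 429 should appear
    # at the same index as in the model when sent from a single client address:
    # observed = probe("https://ha.example.test/auth/authorize", 25)
    # print("observed first 429 at", first_limited(observed))
```

Run the probe from a client that reaches Caddy directly: `{remote_host}` is the address of the TCP peer, so if another proxy sits in front of Caddy every request shares that proxy's address as the key and the limit applies to all clients together rather than per user. A 429 at index 20 followed by successes again once 10 seconds have passed confirms the zone is both placed in the handler chain and scoped to the login path; requests to other paths on the same host should never be limited.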