Rate limiting based on source IP address or method type e.g. HTTP

1. Caddy version (caddy version):

2.0.0 or latest version

2. How I run Caddy:

We run caddy as a proxy to serve different web requests from our users.

a. System environment:

We use a Linux-based system.

b. Command:

We use Docker-based Caddy, so we run Caddy with docker run:

docker run -it --rm --detach --name default_proxy --log-opt max-size=10m --log-opt max-file=5 --net=host --privileged=true $Proxy_Image --caddyfile=Caddyfile-block --log-level=info

c. Service/unit/compose file:


d. My complete Caddyfile or JSON config:

http://*:80/ {
  root /var/www/html/
  some_ip
  tls off
  log stdout
}

3. The problem I’m having:

Does the latest version of Caddy or version 2.0.0 have built-in support for rate limiting? If not, is there any Caddy plugin that supports this?

4. Error messages and/or full log output:

5. What I already tried:

6. Links to relevant resources:

What does that mean exactly? The latest version is v2.3.0, and the difference is quite significant.

This doesn’t look like a valid Caddyfile. What’s some_ip? The syntax for root is incorrect (needs a * as the first argument for the path to not be considered a matcher). Having the / at the end of your site block will only accept requests for exactly / and nothing else in v2, because path matching is exact (so remove that trailing /). And log stdout is not valid in Caddy v2.

All that said, I’m not yet aware of any rate limiting plugins for Caddy v2. You might use fail2ban though; you can find a recent thread about that (but it’s not so simple).
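The log-based approach suggested in the reply above, as an added example that is not part of the original thread or of Caddy or fail2ban: a sliding-window count of requests per source IP, optionally restricted to given HTTP methods, over JSON access-log lines. The sample lines are constructed, and the field names (`ts`, `request.remote_addr`, `request.method`) and function names are assumptions modelled on Caddy v2's JSON access log.

```python
import json
from collections import defaultdict, deque

# Constructed sample lines modelled on Caddy v2's JSON access log
# (assumed fields: ts, request.remote_addr, request.method); not real traffic.
SAMPLE_LOG = "\n".join(
    json.dumps({"logger": "http.log.access", "ts": ts, "status": 200,
                "request": {"remote_addr": addr, "method": method, "uri": "/"}})
    for ts, addr, method in [
        (100.0, "203.0.113.7:50001", "GET"),
        (100.2, "203.0.113.7:50002", "GET"),
        (100.4, "198.51.100.9:40000", "GET"),
        (100.5, "203.0.113.7:50003", "GET"),
        (100.9, "203.0.113.7:50004", "POST"),
        (101.0, "203.0.113.7:50005", "GET"),
        (130.0, "198.51.100.9:40001", "GET"),
        (130.1, "[2001:db8::1]:443", "GET"),
    ]
)


def source_ip(remote_addr):
    """Strip the port from 'ip:port' or '[ipv6]:port'."""
    host, _, _ = remote_addr.rpartition(":")
    return (host or remote_addr).strip("[]")


def find_offenders(log_text, max_requests, window_seconds, methods=None):
    """Map each offending IP to the first ts at which it exceeded max_requests
    within window_seconds. methods, if given, limits counting to those methods."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    offenders = {}
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
            req = entry["request"]
            ts = float(entry["ts"])
            ip, method = source_ip(req["remote_addr"]), req["method"]
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # skip lines that are not JSON access-log entries
        if methods and method not in methods:
            continue
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > window_seconds:
            window.popleft()  # drop requests older than the window
        if len(window) > max_requests and ip not in offenders:
            offenders[ip] = ts
    return offenders
```

The returned IPs are what a ban action (a firewall rule, for instance) would then act on; the threshold and window play the role of fail2ban's `maxretry` and `findtime`.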
