Just fired up Caddy for the first time today with a simple Caddyfile - I just want to wrap some rate-limiting around an existing web service. The problem is that the rate-limiting directive is being ignored. I’m using 0.9.5…
OK for the group, this plugin did a ‘smart’ thing and allowed all RFC1918 addresses (10.0.0.0/8 etc.) to be classed as ‘internal traffic’, so they were not subject to the rate-limiting.
This makes the plugin less useful for use in AWS. However, by adding the ‘realip’ plugin, I have been able to get the desired behaviour.
This is now my working config:
0.0.0.0:2015
prometheus 0.0.0.0:9180
realip {
    from 10.0.0.0/8
}
ratelimit / 3 3 minute
proxy / localhost:8888
tls off
log stdout
and the log shows the real public IP of the end client, rather than the internal address of the AWS ELB.
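The interaction described in this post, as an added Go sketch that is not part of the original post and is not the ratelimit or realip plugin's own code: the forwarded header is honoured only when the TCP peer is inside the trusted `from` range, and the internal-traffic exemption is then evaluated on the resolved address. The names `clientIP`, `exempt` and `in`, the sample addresses, and the choice of the last `X-Forwarded-For` entry are assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

var (
	// Ranges the post says the ratelimit plugin treats as internal traffic.
	rfc1918 = []netip.Prefix{
		netip.MustParsePrefix("10.0.0.0/8"),
		netip.MustParsePrefix("172.16.0.0/12"),
		netip.MustParsePrefix("192.168.0.0/16"),
	}
	// Mirrors the "from 10.0.0.0/8" line of the realip block.
	trusted = []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")}
)

func in(ip netip.Addr, nets []netip.Prefix) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// clientIP (hypothetical helper) picks the address to rate-limit on: the
// forwarded header is honoured only when the TCP peer is a trusted proxy.
func clientIP(peer, xff string) netip.Addr {
	ip, err := netip.ParseAddr(peer)
	if err != nil || !in(ip, trusted) {
		return ip
	}
	hops := strings.Split(xff, ",") // assumption: the ELB appends the client last
	if fwd, err := netip.ParseAddr(strings.TrimSpace(hops[len(hops)-1])); err == nil {
		return fwd
	}
	return ip
}
// exempt models the "internal traffic" bypass described in the post.
func exempt(ip netip.Addr) bool { return in(ip, rfc1918) }

func main() {
	fmt.Println(exempt(clientIP("10.0.1.23", "")))            // true: only the ELB is seen
	fmt.Println(exempt(clientIP("10.0.1.23", "203.0.113.7"))) // false: real client is limited
	fmt.Println(exempt(clientIP("198.51.100.9", "10.9.9.9"))) // false: header ignored
}
```

The third case is why the `from` range matters: a peer outside it cannot use the header to present itself as an internal address and skip the limit.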