Remote_ip but DNS?

1. The problem I’m having:

I simply want to know if Caddy has a mechanism to match a source client based on their DNS. Meaning, something similar to

remote_ip remotesite.ddnsdomain.com

where Caddy looks up somedomainname.com on some schedule/based on TTL and keeps a cache of the IP response. Many firewalls do this so you can say “Allow from host.ddnsdomain.com”. This is especially useful when dealing with source IPs that are on DDNS.

Google has turned up nothing, but I figured I might ask. Alternatively, can I reference a file that I populate, something like

file_path filevariablename /opt/listofIPs
remote_ip  filevariablename

And Caddy knows about changes to that file without a restart.

Or I populate env variables, or really any way to do this.

My fallback is something like: use a snippet, create a cron of some sort to update the snippet with IPs, and another cron or something to restart Caddy when the modify time of the snippet changes.

2. Error messages and/or full log output:

N/A

3. Caddy version:

2.6.4

4. How I installed and ran Caddy:

Docker

a. System environment:

Docker, Debian 11

b. Command:

N/A

c. Service/unit/compose file:

N/A

d. My complete Caddy config:

N/A

5. Links to relevant resources:

I don’t know of a matcher module that does this, currently. One could certainly be written though.

It’s just not efficient. Even if you cache responses, you still have to look them up initially, and if you get a flood of different names then it can become impractical and use up server resources.

I imagine such matching behavior would have to rely on PTR records. Does your DDNS provider set the PTR records?
As @matt said, such a custom matcher may be implemented as a 3rd party module. The module needs to implement the RequestMatcher interface.

https://pkg.go.dev/github.com/caddyserver/caddy/v2@v2.6.4/modules/caddyhttp#RequestMatcher

1 Like
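
An added sketch (not from any poster, not the plugin mentioned in the thread, and not Caddy's own code) of the behaviour the question asks for: forward-resolve one configured name, cache the answer for a fixed interval, and compare the connection's peer address against it. `DNSMatcher`, `Refresh` and `Lookup` are hypothetical names, Caddy module registration and Caddyfile parsing are left out, and the lookup used in `main` is a constructed stub so the program runs offline.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/netip"
	"sync"
	"time"
)

// DNSMatcher (hypothetical name) admits requests whose peer IP is one of the
// addresses Host currently resolves to, re-resolving at most once per Refresh.
type DNSMatcher struct {
	Host    string
	Refresh time.Duration // fixed interval: stdlib lookups do not expose the record TTL
	Lookup  func(ctx context.Context, network, host string) ([]netip.Addr, error) // e.g. net.DefaultResolver.LookupNetIP
	mu      sync.Mutex
	addrs   map[netip.Addr]bool
	fetched time.Time
}

// Match has the same signature as caddyhttp.RequestMatcher's method in v2.6.4.
func (m *DNSMatcher) Match(r *http.Request) bool {
	peer, err := netip.ParseAddrPort(r.RemoteAddr)
	if err != nil {
		return false // unparsable peer address: fail closed
	}
	m.mu.Lock()
	defer m.mu.Unlock()
	if time.Since(m.fetched) >= m.Refresh {
		m.fetched = time.Now() // stamped even on failure, so errors cannot cause a lookup per request
		if ips, err := m.Lookup(r.Context(), "ip", m.Host); err == nil {
			m.addrs = make(map[netip.Addr]bool, len(ips))
			for _, ip := range ips {
				m.addrs[ip.Unmap()] = true // store IPv4-mapped IPv6 as plain IPv4
			}
		} // on error keep the last known set; with no set yet, nothing matches
	}
	return m.addrs[peer.Addr().Unmap()]
}

func main() {
	stub := func(context.Context, string, string) ([]netip.Addr, error) { // constructed offline resolver
		return []netip.Addr{netip.MustParseAddr("203.0.113.7")}, nil
	}
	m := &DNSMatcher{Host: "host.ddnsdomain.com", Refresh: time.Minute, Lookup: stub}
	fmt.Println(m.Match(&http.Request{RemoteAddr: "203.0.113.7:5000"}), m.Match(&http.Request{RemoteAddr: "198.51.100.9:5000"})) // true false
}
```

Because only the one configured name is resolved, the number of lookups is bounded by `Refresh` rather than by request volume. `RemoteAddr` is the direct peer, so behind another proxy this compares against the proxy's address.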

There’s a plugin for this!

5 Likes

Aha! Thank you. I’ll check it out.

1 Like

Ahhh that’s good to know 😊
