Send 403 error code in `handle_response`

aiozufh · April 19, 2025, 7:12am

1. The problem I’m having:

I’m trying to send a 403 code while rewriting the reponse of a proxy when a condition is met.

Here is my configuration:

reverse_proxy {
    to {args[0]}
    trusted_proxies 10.0.0.0/8 {args[1]} {args[2]}

    @auth header X-Auth-Status 403
    handle_response @auth {
        root * /usr/local/share/html
        file_server
        @fr header Accept-Language *fr*
        handle @fr {
            rewrite * /403-fr.html
        }
        rewrite * /403.html
    }
}

Problem is that, if i add a simple error 403 under handle_response, the 403 is sent, but i loose the custom page. Probably I’m not doing the right thing here

2. Error messages and/or full log output:

Unrelated

3. Caddy version:

v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=

aiozufh · April 19, 2025, 7:28am

I think I’ve fixed it:

reverse_proxy {
    to {args[0]}
    trusted_proxies 10.0.0.0/8 {args[1]} {args[2]}

    @auth header X-Auth-Status 403
    handle_response @auth {
        root * /usr/local/share/html
        @fr header Accept-Language *fr*
        handle @fr {
            rewrite * /403-fr.html
            file_server {
                status 403
            }
        }
        rewrite * /403.html
        file_server {
            status 403
        }
    }
}

Is this correct?

Mohammed90 · April 19, 2025, 8:14pm

I think it’s best if you use error then serve the custom page in handle_errors

aiozufh · April 20, 2025, 6:25am

But that would server custom page to all 403, no? It should be only if X-Auth-Status reports 403.

reverse_proxy {
    to {args[0]}
    trusted_proxies 10.0.0.0/8 {args[1]} {args[2]}

    @auth header X-Auth-Status 403
    handle_response @auth {
        error 403
    }
}

handle_errors {
    root * /usr/local/share/html
    @fr header Accept-Language *fr*
    handle @fr {
        rewrite * /403-fr.html
        file_server
    }
    rewrite * /403.html
    file_server
}

Mohammed90 · April 21, 2025, 8:24pm

Yes, you’re right. I thought you want to do the same for all 403. In that case, your earlier solution should work. Doesn’t it?

By the way, trusted_proxies is no longer supported in reverse_proxy and is now a server option.

Also, you don’t need to do this this way:

The * in rewrite is a matcher. Use it with the named matcher.

aiozufh · April 22, 2025, 5:42am

Thanks, I’ve simplified to:

reverse_proxy {
    to {args[0]}

    @auth header X-Auth-Status 403
    handle_response @auth {
        root * /usr/local/share/html
        @fr header Accept-Language *fr*
        rewrite @fr /403-fr.html
        rewrite * /403.html
        file_server {
            status 403
        }
    }
}

system · May 22, 2025, 5:43am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.