Some confusion about matcher

Hello, I have some confusion about matchers. Here is my config file:

{
        debug
        log
        order tls last
}

(caddy-guard-test) {
    
    handle /uri_path {

        @ua_denylist {
                import ./data/bad-user-agents.caddy
        }

        @ip_denylist {
                import ./data/bad-ips.caddy
        }

        @headers_matcher {
            header "x-forwarded-for" "127.0.0.1"
        }

        reverse_proxy @headers_matcher "http://127.0.0.1:81" {

            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}

        }
    
    }
}

http://127.0.0.1:80 {

    import caddy-guard-test

}

For security reasons, I want Caddy to do the reverse proxy only when the headers match exactly, not when they merely include the header.

In this screenshot, I want to make the matcher drop these requests when other headers are also present, and only accept “x-forwarded-for” alone.

I think you’re looking for the remote_ip matcher to do this.

Please fill out the help topic template, as per the forum rules.

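The `remote_ip` suggestion above, sketched as an added example that is not part of the original thread: a request header such as `X-Forwarded-For` is chosen by the client, while `remote_ip` matches the address of the connecting peer. The matcher names `@trusted_peer` and the 403 response are assumptions; the path and ports reuse the values from the posted config.

```caddyfile
# Added example, not the poster's config.
http://127.0.0.1:80 {
    handle /uri_path {
        # Weak variant from the thread: any client can send this header.
        # @headers_matcher header X-Forwarded-For 127.0.0.1

        # Both conditions must hold (matchers inside one named set are ANDed):
        #  - the TCP peer is the loopback address, and
        #  - X-Forwarded-For carries exactly this value (no wildcard).
        @trusted_peer {
            remote_ip 127.0.0.1
            header X-Forwarded-For 127.0.0.1
        }

        # handle blocks are mutually exclusive; the one without a
        # matcher acts as the fallback.
        handle @trusted_peer {
            reverse_proxy 127.0.0.1:81
        }

        handle {
            respond 403
        }
    }
}
```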

I forgot to supply the version; I use the latest version of Caddy.

You still need to fill out the help topic template.

Sorry, it seems like I can’t edit the post.

You can just post it as a reply in here. Click on New Topic, copy the template that it shows you in the message box, then paste it as a reply in this thread, and fill it out.

1. Output of caddy version:

v2.6.1 h1:EDqo59TyYWhXQnfde93Mmv4FJfYe00dO60zMiEt+pzo=

2. How I run Caddy:

Running with Kali Linux

a. System environment:

Linux kali 5.19.0-kali2-amd64 #1 SMP PREEMPT_DYNAMIC Debian 5.19.11-1kali2 (2022-10-10) x86_64 GNU/Linux

b. Command:

sudo ./caddy run --config Caddyfile --adapter caddyfile

c. Service/unit/compose file:

d. My complete Caddy config:

{
        debug
        log
        order tls last
}

(caddy-guard-test) {
    
    handle /uri_path {

        @ua_denylist {
                import ./data/bad-user-agents.caddy
        }

        @ip_denylist {
                import ./data/bad-ips.caddy
        }

        @headers_matcher {
            header "x-forwarded-for" "127.0.0.1"
        }

        reverse_proxy @headers_matcher "http://127.0.0.1:81" {

            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}

        }
    
    }
}

http://127.0.0.1:80 {

    import caddy-guard-test

}

3. The problem I’m having:

Confusion about matcher modules

5. What I already tried:

@francislavoie I have another issue: how do I enable TLS 1.0? I need it for some really old devices.
