li_Xiao
(li Xiao)
September 30, 2022, 9:35am
1
Hello, I got some confusion about matcher, here is my config file:
{
debug
log
order tls last
}
(caddy-guard-test) {
handle /uri_path {
@ua_denylist {
import ./data/bad-user-agents.caddy
}
@ip_denylist {
import ./data/bad-ips.caddy
}
@headers_matcher {
header "x-forwarded-for" "127.0.0.1"
}
reverse_proxy @headers_matcher "http://127.0.0.1:81" {
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
}
}
}
http://127.0.0.1:80 {
import caddy-guard-test
}
For some security reason, I want to caddy do reverse proxy when headers exact match, not include.
In this screenshot, I want to make matcher drop this requests when others headers also are coming and only accept “x-forwarded-for” along.
I think you’re looking for the remote_ip
matcher to do this.
Please fill out the help topic template, as per the forum rules.
1 Like
li_Xiao
(li Xiao)
October 11, 2022, 3:24pm
3
I forgot to supply the version, I use the latest version caddy.
You still need to fill out the help topic template.
li_Xiao
(li Xiao)
October 12, 2022, 9:05am
5
Sorry, seem like I can’t edit the post.
You can just post it as a reply in here. Click on New Topic, copy the template that it shows you in the message box, then paste it as a reply in this thread, and fill it out.
li_Xiao
(li Xiao)
October 26, 2022, 4:15pm
7
1. Output of caddy version
:
v2.6.1 h1:EDqo59TyYWhXQnfde93Mmv4FJfYe00dO60zMiEt+pzo=
2. How I run Caddy:
Running with Kali Linux
a. System environment:
Linux kali 5.19.0-kali2-amd64 #1 SMP PREEMPT_DYNAMIC Debian 5.19.11-1kali2 (2022-10-10) x86_64 GNU/Linux
b. Command:
sudo ./caddy run --config Caddyfile --adapter caddyfile
c. Service/unit/compose file:
d. My complete Caddy config:
{
debug
log
order tls last
}
(caddy-guard-test) {
handle /uri_path {
@ua_denylist {
import ./data/bad-user-agents.caddy
}
@ip_denylist {
import ./data/bad-ips.caddy
}
@headers_matcher {
header "x-forwarded-for" "127.0.0.1"
}
reverse_proxy @headers_matcher "http://127.0.0.1:81" {
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
}
}
}
http://127.0.0.1:80 {
import caddy-guard-test
}
3. The problem I’m having:
Confusing in matcher modules
5. What I already tried:
li_Xiao
(li Xiao)
October 26, 2022, 4:16pm
8
@francislavoie I have another issue: how to enable tls1.0? I need it for some devices really old.
system
(system)
Closed
October 30, 2022, 9:36am
9
This topic was automatically closed after 30 days. New replies are no longer allowed.