Using maxmind_geolocation with reverse_proxy

1. The problem I’m having:

I’m trying to set up caddy so that accesses coming from Portugal get reverse-proxied through, and anything from anywhere else gets a 403 error. Unfortunately, I can’t seem to figure out how to get the config file for it right.

2. Error messages and/or full log output:

Please use the preview pane to ensure it looks nice.

3. Caddy version:

v2.6.4 with the porech/caddy-maxmind-geolocation module.

4. How I installed and ran Caddy:

Downloaded the binary from Download Caddy

a. System environment:

Ubuntu Linux Jammy, amd64.

b. Command:

./caddy_geolock start

d. My complete Caddy config:

	key_type p256
} {
	file_server browse
} {
	reverse_proxy *
} {
	@mygeofilter {
		maxmind_geolocation {
			db_path "/home/ubuntu/GeoLite2-Country.mmdb"
			allow_countries PT

	reverse_proxy * {

	basicauth /bridge/* {

5. Links to relevant resources:

I’m basically trying to get the @mygeofilter and reverse_proxy sections to work together, but it doesn’t seem to be working – the current attempt just lets anybody through.

That’s because:

The * means “every request”. So you’re allowing every request through the filter. And @mygeofilter inside the block shouldn’t even parse correctly, I’m surprised you don’t get errors.

Do this instead:

reverse_proxy @mygeofilter

Technically that syntax used to define a response matcher. But I’m surprised passing no arguments to it doesn’t error, yeah. I’ll look into that.

What you probably want though is to reject the request if the not from PT, so you should do this instead:

@mygeofilter not maxmind_geolocation {
	db_path "/home/ubuntu/GeoLite2-Country.mmdb"
	allow_countries PT
error @mygeofilter 403

1 Like

Ah good point, forgot about that!