Hello Caddy users,
I just released a simple Caddy WAF (OWASP rule-based filtering, IP and DNS filtering, rate limiting, GeoIP).
Features:
- Rule-based request filtering with regex patterns.
- IP and DNS blacklisting to block malicious traffic.
- Country-based blocking using MaxMind GeoIP2.
- Rate limiting per IP address to prevent abuse.
- Anomaly scoring system for detecting suspicious behavior.
- Request inspection (URL, args, body, headers, cookies, user-agent).
- Protection against common attacks (SQL injection, XSS, RCE, Log4j, etc.).
- Detailed logging and monitoring for security analysis.
- Dynamic rule reloading without server restart.
- Severity-based actions (block, log) for fine-grained control.
Example reverse proxy with WAF:

```
# Global options
{
	# Enable the global error log
	log {
		output file /var/log/caddy/errors.log
		level ERROR
	}
	# Automatic HTTPS settings
	email admin@example.com
}

# Reverse proxy for example.com
example.com {
	# Enable WAF
	waf {
		# Rate limiting: 100 requests per 5 seconds
		rate_limit 100 5s
		# Rules and blacklists
		rule_file /path/to/rules.json
		ip_blacklist_file /path/to/ip_blacklist.txt
		dns_blacklist_file /path/to/dns_blacklist.txt
		# Country blocking (requires MaxMind GeoIP2 database)
		block_countries /path/to/GeoLite2-Country.mmdb RU CN KP
		# Enable detailed logging
		log_all
		# Define actions based on severity
		severity critical block
		severity high block
		severity medium log
		severity low log
	}

	# Log access to a file
	log {
		output file /var/log/caddy/access.log
		# Note: the single_field and common_log formats were removed in Caddy 2.5;
		# on current releases use `format console` or `format json` instead.
		format single_field common_log
	}

	# Reverse proxy to the origin server
	reverse_proxy http://origin-server:8080 {
		# Optional: Add headers to forward to the backend
		header_up X-Real-IP {remote_host}
		header_up X-Forwarded-For {remote_host}
		header_up X-Forwarded-Proto {scheme}
	}
}
```
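As an added illustration that is not the plugin's own code, the `rate_limit 100 5s` line above can be modelled as a sliding-window limiter keyed on the TCP peer address (what the Caddyfile forwards as `{remote_host}`), written in Go since that is what Caddy modules are built in; the type and function names here are assumptions.

```go
package main

import (
	"net"
	"net/http"
	"sync"
	"time"
)

// Sliding-window per-IP limiter (constructed example, not the plugin's code),
// sized like the post's `rate_limit 100 5s`: at most `limit` hits per `window`.
type RateLimiter struct {
	mu     sync.Mutex
	limit  int
	window time.Duration
	hits   map[string][]time.Time // recent request times, keyed by client IP
	now    func() time.Time       // injectable clock so the window is testable
}
func NewRateLimiter(limit int, window time.Duration) *RateLimiter {
	return &RateLimiter{limit: limit, window: window, hits: map[string][]time.Time{}, now: time.Now}
}

// Allow records one request from ip and reports whether it is within budget.
// Timestamps older than the window are pruned in place, bounding memory per IP.
func (rl *RateLimiter) Allow(ip string) bool {
	rl.mu.Lock()
	defer rl.mu.Unlock()
	now := rl.now()
	cutoff := now.Add(-rl.window)
	kept := rl.hits[ip][:0]
	for _, t := range rl.hits[ip] {
		if t.After(cutoff) {
			kept = append(kept, t)
		}
	}
	if len(kept) >= rl.limit {
		rl.hits[ip] = kept // over budget: the rejected request is not counted
		return false
	}
	rl.hits[ip] = append(kept, now)
	return true
}

// ClientIP keys the limiter on the peer address ({remote_host} in Caddy), never
// on X-Forwarded-For, which a client can forge to split its traffic across fake IPs.
func ClientIP(r *http.Request) string {
	if host, _, err := net.SplitHostPort(r.RemoteAddr); err == nil {
		return host
	}
	return r.RemoteAddr
}
```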
Enjoy and contribute: