4

I'm trying to implement IP whitelisting in my Caddy v2 configuration. Something equivalent to this NGINX configuration, for example:

allow 1.1.1.1;
allow 8.8.8.8;
deny all; 

My current Caddy configuration is very simple:

my.website.com {
        reverse_proxy http://127.0.0.1:3000 {   
    }
}

Thanks

4

3 Answers

4

You can try something like this in Caddy v2:

my.domain.com {
    @teammember {
        remote_ip forwarded 183.77.5.126 113.73.5.126
    }
    handle @teammember {
        reverse_proxy /* localhost:8081
    }
    respond "<h1>You are attempting to access protected resources!</h1>" 403
}
Answered 2021-09-15T09:13:56.733
0

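I'm not saying qed's answer is wrong, but I couldn't get it to work in my case (possibly because I use an imported template inside the handle?)...

My solution was... Old config: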

private.example.com {
  import my_template argument_1 /path/to/example/argument2
}

This changed to:

private.example.com {
  @blocked not remote_ip 1.2.3.4
  respond @blocked "<h1>Access Denied</h1>" 403
  import my_template argument_1 /path/to/example/argument2
}

Just adding those two lines makes my site accessible from that IP. A test curl from a different IP returns a 403 error.

This was done on Caddy 2.4.6

Answered 2022-02-13T21:40:42.320
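An added example, not taken from any of the answers: the question's two-address allowlist written with the `not remote_ip` pattern, next to a variant for a site that sits behind a reverse proxy. The `forwarded` option used in an earlier answer makes the matcher prefer the first address in the X-Forwarded-For request header, so it is only meaningful when a proxy in front of Caddy sets that header. Assumptions: `proxied.example.com` and `10.0.0.10` are placeholders, and case 2 needs a Caddy release that provides the `trusted_proxies` server option and the `client_ip` matcher, which is newer than the 2.4.6 mentioned above.

```caddyfile
# Global options must come first. This block is only needed for case 2.
{
    servers {
        # Placeholder address of the one proxy allowed to report client IPs.
        trusted_proxies static 10.0.0.10
    }
}

# Case 1: clients connect to Caddy directly.
my.website.com {
    # Allowlist from the question's NGINX rules; CIDR ranges also work here.
    # Without "forwarded", remote_ip compares the TCP peer address, which
    # cannot be set through a request header.
    @denied not remote_ip 1.1.1.1 8.8.8.8

    # Equivalent of "deny all": every other address gets a 403.
    respond @denied "Access denied" 403

    # Allowed clients reach the backend from the question.
    reverse_proxy http://127.0.0.1:3000
}

# Case 2: Caddy sits behind the proxy listed in trusted_proxies.
proxied.example.com {
    # client_ip takes the address from X-Forwarded-For only when the request
    # arrives from a trusted proxy; otherwise it uses the peer address.
    @denied not client_ip 1.1.1.1 8.8.8.8

    respond @denied "Access denied" 403

    reverse_proxy http://127.0.0.1:3000
}
```

Running `caddy validate` against the file checks the syntax, and a request from an address outside the list should return 403.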
-3

I am not sure it is possible directly in Caddy, but you can add a middleware/plugin to do this.

Here is the link where you can get it: https://github.com/pyed/ipfilter

According to the docs of this middleware, if you want to allow only the 2 IPs you wrote, you should probably do something like this:

my.website.com {
    reverse_proxy http://127.0.0.1:3000

    ipfilter / {
        rule allow
        ip 1.1.1.1 8.8.8.8
        blockpage notauthorized.html
    }
}

I also think that if you want to block every request, not just /, you have to write ipfilter /* instead of ipfilter /.

Answered 2021-03-25T20:55:38.843