How to protect direct ip access in caddy

Question

I've a subdomain: api.example.com

And I've a caddyfile that use a reverse proxy to redirect to my api backend:

api.example.com {
  basicauth {
    user my_hashed_password
  }
  reverse_proxy localhost:8000
}

As you can see I protect the access of this api with a simple basicauth. It work as expected. But I can still access the api without authentication if use my_ip:8000 (for example 1.1.1.1:8000). How can I also apply the basic auth for the ip direct access ?

I've tried something like:

:8000 {
  basicauth {
    user my_hashed_password
  }
  handle api.example.com {
    reverse_proxy localhost:8000
  }
}

But caddy is angry because I use a reverse_proxy on the same port as the one declared above.

score 1 · Accepted Answer · answered Apr 01 '23 at 06:29

1

If port 8000 is not configured in Caddy, you cannot add basicauth in Caddy. You need to configure it in the application that is listening on port 8000.

answered Apr 01 '23 at 06:29

vishun

79
6

Thanks, I'm not familiar with those kinds of things. So indeed, I simply modify my docker compose file, so the port 8000 is now only available on localhost. From `8000:8000` to `127.0.0.1:8000:8000`. – obchardon Apr 04 '23 at 08:09

How to protect direct ip access in caddy

1 Answers1