Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

caddytls: Implement remote IP connection matcher #4123

Merged
merged 2 commits into from
Apr 30, 2021
Merged

caddytls: Implement remote IP connection matcher #4123

merged 2 commits into from
Apr 30, 2021

Conversation

mholt
Copy link
Member

@mholt mholt commented Apr 19, 2021

I'm not sure this is a good idea as a replacement for auth, but I think this could still be useful. See https://caddy.community/t/best-solution-for-mixing-lan-and-cloudflare-authenticated-origin-pulls/12139/8

@mholt mholt added this to the v2.4.0 milestone Apr 19, 2021
@mholt mholt added the under review 🧐 Review is pending before merging label Apr 19, 2021
@mholt
Implement IP range negation
200e622 
If both Ranges and NotRanges are specified, both must match.
@mholt mholt force-pushed the match-conn-remote-ip branch from 4df46e2 to 200e622 Compare April 29, 2021 22:08
@mholt
Copy link
Member Author

mholt commented Apr 30, 2021

I know this implementation using NotRanges might be disappointing, @francislavoie, but I realized that the connection policy matchers aren't really designed to be composed like the HTTP request matchers (conn policy matchers are only a list, whereas HTTP request matchers are a list of maps of lists). So I just went ahead with the simplest possible implementation to negate IP ranges.

@francislavoie
Copy link
Member

That's ok 👍

@mholt mholt removed the under review 🧐 Review is pending before merging label Apr 30, 2021
@mholt mholt merged commit 956f011 into master Apr 30, 2021
@mholt mholt deleted the match-conn-remote-ip branch April 30, 2021 16:14
@wazerstar
Copy link

Hey was this nuked again? I'm actually in this boat now, want to use same domain and when on lan with origin destination would avoid getting out on cloudflare and back in again before reaching internal.

@francislavoie
Copy link
Member

@wazerstar this isn't the right place to ask questions. Please ask on the forums instead, and fill out the help topic template: https://caddy.community

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v2.4.0
Development

Successfully merging this pull request may close these issues.
3 participants
@mholt @francislavoie @wazerstar