README
¶
Caddy + Cloudflare
Caddy v2 module for retrieving Cloudflare IP blocks. It extends trusted_proxy with a new cloudflare IP source module and add a new cloudflare_only directive for rejecting requests from ips outside the Cloudflare block range.
Installation
To install the module, you need to build Caddy with it included. You can do this using xcaddy:
xcaddy build --with github.com/HeavenVolkoff/caddy-cloudflare
Configuration
Add the following to your Caddyfile to enable the module:
{
order cloudflare_only before redir
servers {
trusted_proxies cloudflare
}
}
yourdomain.com {
cloudflare_only
respond "Hello, World!"
}
cloudflare_only Options
reject_if_empty: (boolean) If set tofalse, the module will allow every request while the IP blocks are not yet populated.
Usage
Once configured, the module will automatically fetch the latest Cloudflare IP blocks, add it as a trusted upstream proxy, and restrict communication to only remote ip know to be from Cloudflare. If a request comes from an IP not in the Cloudflare block range, the connection will be rejected with a 403 - Forbidden.
Contributing
Contributions are welcome! Please open an issue or submit a pull request with your improvements.
License
This project is licensed under the MIT License. See the LICENSE file for details.
Copyright
I am not affiliated with either Caddy or Cloudflare.
Caddy® is a registered trademark of Stack Holdings GmbH.
Cloudflare® is a registered trademarks of Cloudflare, Inc.
Documentation
¶
Index ¶
- type CloudflareIPBlock
- type CloudflareIPs
- type CloudflareIpSource
- type CloudflareOnly
- func (CloudflareOnly) CaddyModule() caddy.ModuleInfo
- func (cf *CloudflareOnly) Provision(ctx caddy.Context) error
- func (cf CloudflareOnly) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error
- func (cf *CloudflareOnly) UnmarshalCaddyfile(d *caddyfile.Dispenser) error
- func (cf *CloudflareOnly) Validate() error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CloudflareIPBlock ¶
type CloudflareIPBlock struct {
// contains filtered or unexported fields
}
func GetCloudflareIpBlock ¶
func GetCloudflareIpBlock(ctx caddy.Context) *CloudflareIPBlock
type CloudflareIPs ¶
type CloudflareIPs struct {
IPv4CIDRs []string `json:"ipv4_cidrs"`
IPv6CIDRs []string `json:"ipv6_cidrs"`
}
func FetchCloudflareIPs ¶
func FetchCloudflareIPs(ctx context.Context) (*CloudflareIPs, error)
type CloudflareIpSource ¶
type CloudflareIpSource struct {
// contains filtered or unexported fields
}
func (CloudflareIpSource) CaddyModule ¶
func (CloudflareIpSource) CaddyModule() caddy.ModuleInfo
CaddyModule returns the Caddy module information.
func (*CloudflareIpSource) GetIPRanges ¶
func (cf *CloudflareIpSource) GetIPRanges(_ *http.Request) []netip.Prefix
func (*CloudflareIpSource) Provision ¶
func (cf *CloudflareIpSource) Provision(ctx caddy.Context) error
func (*CloudflareIpSource) UnmarshalCaddyfile ¶
func (cf *CloudflareIpSource) UnmarshalCaddyfile(d *caddyfile.Dispenser) error
type CloudflareOnly ¶
type CloudflareOnly struct {
RejectIfEmpty bool `json:"reject_if_empty,omitempty"`
// contains filtered or unexported fields
}
func (CloudflareOnly) CaddyModule ¶
func (CloudflareOnly) CaddyModule() caddy.ModuleInfo
func (*CloudflareOnly) Provision ¶
func (cf *CloudflareOnly) Provision(ctx caddy.Context) error
func (CloudflareOnly) ServeHTTP ¶
func (cf CloudflareOnly) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error
func (*CloudflareOnly) UnmarshalCaddyfile ¶
func (cf *CloudflareOnly) UnmarshalCaddyfile(d *caddyfile.Dispenser) error
func (*CloudflareOnly) Validate ¶
func (cf *CloudflareOnly) Validate() error
Source Files