caddy_remote_host

package module
v0.0.0-...-bdfd287 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 18, 2022 License: Apache-2.0 Imports: 11 Imported by: 0

README

Go Coding Time

caddy-remote-host

Caddy plugin to match a request's client IP against A and AAAA DNS records of a host name (analogously to remote_ip). Can be useful to restrict route access to a client, that uses dynamic DNS. Uses the host machine's local DNS resolver (uses LookupIP internally).

Usage

remote_host [forwarded] [nocache] <hosts...>

Accepts valid host names. If forwarded is given as an argument, then the first IP in the X-Forwarded-For request header, if present, will be preferred as the reference IP, rather than the immediate peer's IP, which is the default. If nocache is given as an argument, this module will not cache DNS responses and instead resolve the given hosts' for every request. By default, responses are cached for 60 seconds, regardless of the DNS record's time-to-live (TTL).

Multiple remote_host matchers will be OR'ed together.

Example

Match requests from a client, whose IPv4 or IPv6 address is the same as what ddns.example.org resolves to.

remote_host ddns.example.org

Fork for testing: use github.com/muety/caddy-remote-host

License

Apache 2.0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type MatchRemoteHost 

type MatchRemoteHost struct {
	// Host names, whose corresponding IPs to match against
	Hosts []string `json:"hosts,omitempty"`

	// If true, prefer the first IP in the request's X-Forwarded-For
	// header, if present, rather than the immediate peer's IP, as
	// the reference IP against which to match. Note that it is easy
	// to spoof request headers. Default: false
	Forwarded bool `json:"forwarded,omitempty"`

	// By default, DNS responses are cached for 60 seconds, regardless
	// of the DNS record's TTL. Set nocache to true to disable this
	// behavior and never use caching. Default: false
	NoCache bool `json:"nocache,omitempty"`
	// contains filtered or unexported fields
}

MatchRemoteHost matches based on the remote IP of the connection. A host name can be specified, whose A and AAAA DNS records will be resolved to a corresponding IP for matching.

Note that IPs can sometimes be spoofed, so do not rely on this as a replacement for actual authentication.

func (MatchRemoteHost) CaddyModule 

func (MatchRemoteHost) CaddyModule() caddy.ModuleInfo

CaddyModule returns the Caddy module information.

func (*MatchRemoteHost) Match 

func (m *MatchRemoteHost) Match(r *http.Request) bool

Match returns true if r matches m.

func (*MatchRemoteHost) Provision 

func (m *MatchRemoteHost) Provision(ctx caddy.Context) (err error)

Provision implements caddy.Provisioner.

func (*MatchRemoteHost) UnmarshalCaddyfile 

func (m *MatchRemoteHost) UnmarshalCaddyfile(d *caddyfile.Dispenser) error

UnmarshalCaddyfile implements caddyfile.Unmarshaler.

func (*MatchRemoteHost) Validate 

func (m *MatchRemoteHost) Validate() error

Validate implements caddy.Validator.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.