README
¶
Caddy ACL
Access Control Lists middleware for Caddy. Allows to limit access of locations to certain client addresses.
Syntax
acl paths... {
allow <subnet|ip>
deny <subnet|ip>
status <code>
header <name>
}
- paths...: list of space separated locations to which apply ACL rules.
- allow: subnet or IP to explicitly allow to access paths.
- block: subnet or IP to explicitly deny from accessing paths.
- status: respond with the given code when denying a request. Defaults to 403.
- header: use the given header to get the client IP address. It always looks for X-Forwarded-For.
Denied subnets and IPs are checked first. If allow is used, only subnets and addresses explicitly allowed will be accepted. Otherwise only addresses explicitly denied will be rejected. Two options only make sense when deny is used: header and status. Multiple acl blocks can be used.
Examples
Only allow a given subnet (192.168.42.0/24) to access all files in /private:
acl /private {
allow 192.168.42.0/24
}
Allow 192.168.42.0/24 to access to /private and /kikoo, but deny access to 192.168.42.15:
acl /private /kikoo {
allow 192.168.42.0/24
deny 192.168.42.15
}
Deny only 2 subnets and one address from accessing /private:
acl /private {
deny 192.168.42.0/24
deny 10.10.52.0/27
deny 192.168.0.2
}
Documentation
Source Files
Click to show internal directories.
Click to hide internal directories.