Deny remote access to local domains

2023-09-24 02:45:30 +02:00 · 2023-09-24 02:45:30 +02:00 · 43aed3e6b7
parent cbb672fe74
commit 43aed3e6b7
1 changed files with 18 additions and 2 deletions
--- a/roles/docker_services/templates/Caddyfile.j2
+++ b/roles/docker_services/templates/Caddyfile.j2
@ -23,7 +23,15 @@
        -Server
    }

-    reverse_proxy ipfs_kubo:5001
+    @local {
+        remote_ip 192.168.0.0/16
+    }
+
+    handle @local {
+        reverse_proxy ipfs_kubo:5001
+    }
+
+    respond 403
 }

 {{ services.ipfs.gateway_domain }},
@ -76,5 +84,13 @@
        -Server
    }

-    reverse_proxy pihole:80
+    @local {
+        remote_ip 192.168.0.0/16
+    }
+
+    handle @local {
+        reverse_proxy pihole:80
+    }
+
+    respond 403
 }