Caddy: Reverse-proxy header_down headers not sent with caddy-basicauth

Created on 19 Aug 2020  路  4Comments  路  Source: caddyserver/caddy

Hello, I have a reverse proxy setup with caddy basic auth to secure it. I do not want that endpoint to be seen on Google, so there is also a header_down directive as such header_down X-Robots-Tag none, the problem is that it is not sent.

It is present after successfully logging in, but I do not want search engines find the login endpoint, even though there is 0 bytes of content on it. It should be passing the headers, in my case the X-Robots-Tag.

reverse_proxy backend:8088 {
        header_down X-Robots-Tag none
}

Am I missing something here?
Screen Shot 2020-08-19 at 4 44 33 AM

question
Source
picture mysticaltech

Most helpful comment

Thanks. It's simple: the reverse proxy is never invoked when the basic auth fails, i.e. when the user isn't authenticated. So no header manipulations happen.

You probably want the header directive instead. Notice the directive order: https://caddyserver.com/docs/caddyfile/directives#directive-order (this dictates the order of the middlewares)

picture mholt on 19 Aug 2020
1 🎉1

All 4 comments

What's your full (unredacted and unmodified) Caddyfile and curl command?

mholt picture mholt on 19 Aug 2020

Caddyfile (dummy hostname, sorry it's a work project)

backend.mysticaltech.com {
    reverse_proxy backend:8088 {
        header_down X-Robots-Tag none
    }
    basicauth {
        admin XXXXXXXXXXXXXXXX
    }
    log {
        format logfmt
        output file /data/logs/backend-caddy.log {
            roll_size 1gb
            roll_keep 5
            roll_keep_for 720h
        }
    }
}

cURL command is: curl -v backend.mysticaltech.com (dummy hostname) but with sent back headers screenshot above.

mysticaltech picture mysticaltech on 19 Aug 2020

Thanks. It's simple: the reverse proxy is never invoked when the basic auth fails, i.e. when the user isn't authenticated. So no header manipulations happen.

You probably want the header directive instead. Notice the directive order: https://caddyserver.com/docs/caddyfile/directives#directive-order (this dictates the order of the middlewares)

mholt picture mholt on 19 Aug 2020
1 🎉1

Thank you! Appreciate the explanation, makes perfect sense 馃檹馃徎 Worked like a charm.

mysticaltech picture mysticaltech on 19 Aug 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

wayneashleyberry picture wayneashleyberry  路  3Comments
mholt picture mholt  路  3Comments
whs picture whs  路  3Comments
PhilmacFLy picture PhilmacFLy  路  3Comments
klaasel picture klaasel  路  3Comments