55 lines
1.1 KiB
Caddyfile
55 lines
1.1 KiB
Caddyfile
{
|
|
admin off
|
|
}
|
|
|
|
:{$PORT} {
|
|
|
|
log {
|
|
output stdout
|
|
format console
|
|
}
|
|
|
|
header X-Caddy "active"
|
|
|
|
# HEALTH CHECK
|
|
|
|
@health path /healthz
|
|
respond @health 200
|
|
|
|
# PATH SCAN BLOCKERS
|
|
@xmlrpc path /xmlrpc.php
|
|
respond @xmlrpc 403
|
|
|
|
@rx_env path_regexp (?i)/?(.*/)?\.env
|
|
respond @rx_env 403
|
|
|
|
@rx_git path_regexp (?i)/?(.*/)?\.git
|
|
respond @rx_git 403
|
|
|
|
@rx_wpinc path_regexp (?i)/?(.*/)?wp-includes
|
|
respond @rx_wpinc 403
|
|
|
|
@rx_wplogin path_regexp (?i)/?(.*/)?wp-login\.php
|
|
respond @rx_wplogin 403
|
|
|
|
@rx_wpconfig path_regexp (?i)/?(.*/)?wp-config\.php
|
|
respond @rx_wpconfig 403
|
|
|
|
@rx_phpmy path_regexp (?i)/?(.*/)?phpmyadmin
|
|
respond @rx_phpmy 403
|
|
|
|
# SECURITY HEADERS
|
|
header {
|
|
X-Frame-Options "DENY"
|
|
X-Content-Type-Options "nosniff"
|
|
Referrer-Policy "strict-origin"
|
|
}
|
|
|
|
# BACKEND SERVICE
|
|
reverse_proxy {$BACKEND_HOST}:{$BACKEND_PORT} {
|
|
header_up X-Forwarded-Proto {scheme}
|
|
header_up X-Forwarded-For {remote}
|
|
header_up Host {host}
|
|
}
|
|
}
|