Skip to content

Getting Started with the Caddy Defender Plugin

The Caddy Defender Plugin is a powerful middleware for the Caddy web server that allows you to control and manipulate traffic based on the client's IP address. Whether you're looking to block unwanted requests, pollute AI training data, or return custom responses, this plugin provides a flexible and easy-to-use solution.

How to Protect Your Server with Caddy Defender

Let’s walk through a quick demo to see how the Caddy Defender plugin works in action.

Step 1: Install Caddy with the Defender Plugin

Using Docker, you can quickly get started with the Caddy Defender plugin:

docker pull ghcr.io/jasonlovesdoggo/caddy-defender:latest

Step 2: Create a Caddyfile

Create a Caddyfile with the following configuration:

{
    order defender before basicauth
}

localhost:8080 {
    # Block requests from OpenAI's IP range
    defender block {
        range openai
    }

    # Return garbage data for requests from a specific IP range
    defender garbage {
        range 192.168.0.0/24
    }

    # Return a custom message for requests from another IP range
    defender custom "Access denied!" {
        range 10.0.0.0/8
    }

    # Default response for allowed clients
    respond "Welcome to our website!"
}

This configuration:

  • Blocks requests from the predefined openai IP range with a 403 Forbidden response.
  • Returns garbage data for requests from the 192.168.0.0/24 range.
  • Returns a custom message Access denied! for requests from the 10.0.0.0/8 range.
  • Displays "Welcome to our website!" for all other clients.

Step 3: Run the Caddy Server

Start the Caddy server using Docker:

docker run -d \
  --name caddy-defender \
  -v /path/to/Caddyfile:/etc/caddy/Caddyfile \
  -p 8080:8080 \
  ghcr.io/jasonlovesdoggo/caddy-defender:latest

Step 4: Test the Configuration

1. Allowed Client:

  • Access http://localhost:8080 from an allowed IP.
  • You’ll see the response: Welcome to our website!

2. Blocked Client (OpenAI Range):

  • Access http://localhost:8080 from an IP in the openai range. (ask chatgpt to read your website)
  • You’ll receive a 403 Forbidden response.

3. Garbage Response Client:

  • Access http://localhost:8080 from an IP in the 192.168.0.0/24 range.
  • You’ll receive a garbage response, such as random bytes or nonsensical text.

4. Custom Message Client:

  • Access http://localhost:8080 from an IP in the 10.0.0.0/8 range.
  • You’ll receive the custom response: Access denied!