logo
IP Allow / Deny Rules in Caddy

IP Allow / Deny Rules in Caddy

Dec 23, 2025

IP Allow / Deny Rules in Caddy

IP filtering allows you to explicitly allow or block traffic from specific IP addresses or ranges. This is useful for:

  • Internal dashboards

  • Admin APIs

  • Restricting access to trusted networks

Allow Only Specific IPs (Whitelist)

Example: Allow access only from two IP addresses.

example.com {
    @allowed_ips {
        remote_ip 203.0.113.10 198.51.100.25
    }

    handle @allowed_ips {
        reverse_proxy localhost:3000
    }

    respond "Access denied" 403
}

All other IPs will receive a 403 Forbidden response.

Block Specific IPs (Blacklist)

Example: Block known abusive IPs.

example.com {
    @blocked_ips {
        remote_ip 192.0.2.50 203.0.113.99
    }

    handle @blocked_ips {
        respond "Access denied" 403
    }

    reverse_proxy localhost:3000
}

Blocked IPs are denied before reaching your Node.js app.

Restrict Routes by IP

Example: Allow /admin only from a private network.

example.com {

    handle_path /admin/* {
        @internal {
            remote_ip 10.0.0.0/8 192.168.0.0/16
        }

        handle @internal {
            reverse_proxy localhost:3000
        }

        respond "Forbidden" 403
    }

    handle {
        reverse_proxy localhost:3000
    }
}

Best Security Practices in Caddy

23 Dec 2025

Best Security Practices in Caddy

Read more aboutBest Security Practices in Caddy
Adding Rate Limiting in Caddy

23 Dec 2025

Adding Rate Limiting in Caddy

Read more aboutAdding Rate Limiting in Caddy
Adding Basic Authentication in Caddy

23 Dec 2025

Adding Basic Authentication in Caddy

Read more aboutAdding Basic Authentication in Caddy
Explore More Blogs