Skip to content

JasonLovesDoggo/caddy-defender

5 Branches6 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

JasonLovesDoggoJasonLovesDoggo
Update README.md
Jan 21, 2025
d08369f · Jan 21, 2025

History

49 Commits
.github
.github
Jan 16, 2025
.idea
.idea
Jan 14, 2025
development
development
Jan 15, 2025
examples
examples
Jan 17, 2025
ranges
ranges
Jan 19, 2025
responders
responders
Jan 17, 2025
utils
utils
Jan 16, 2025
.gitignore
.gitignore
Jan 16, 2025
CONTRIBUTING.md
CONTRIBUTING.md
Jan 17, 2025
Dockerfile
Dockerfile
Jan 16, 2025
LICENSE
LICENSE
Jan 15, 2025
README.md
README.md
Jan 21, 2025
config.go
config.go
Jan 17, 2025
go.mod
go.mod
Jan 16, 2025
go.sum
go.sum
Jan 16, 2025
middleware.go
middleware.go
Jan 17, 2025
plugin.go
plugin.go
Jan 17, 2025
responder.go
responder.go
Jan 14, 2025

Repository files navigation

Caddy Defender Plugin

The Caddy Defender plugin is a middleware for Caddy that allows you to block or manipulate requests based on the client's IP address. It is particularly useful for preventing unwanted traffic or polluting AI training data by returning garbage responses.

Features

  • IP Range Filtering: Block or manipulate requests from specific IP ranges.
  • Embedded IP Ranges: Predefined IP ranges for popular AI services (e.g., OpenAI, DeepSeek, GitHub Copilot).
  • Custom IP Ranges: Add your own IP ranges via Caddyfile configuration.
  • Multiple Responder Backends:
    • Block: Return a 403 Forbidden response.
    • Garbage: Return garbage data to pollute AI training.
    • Custom: Return a custom message.

Installation

Using Docker

The easiest way to use the Caddy Defender plugin is by using the pre-built Docker image.

  1. Pull the Docker Image:

    docker pull ghcr.io/jasonlovesdoggo/caddy-defender:latest

  2. Run the Container: Use the following command to run the container with your Caddyfile:

    docker run -d \
  --name caddy \
  -v /path/to/Caddyfile:/etc/caddy/Caddyfile \
  -p 80:80 -p 443:443 \
  ghcr.io/jasonlovesdoggo/caddy-defender:latest

    Replace /path/to/Caddyfile with the path to your Caddyfile.

Using xcaddy

You can also build Caddy with the Caddy Defender plugin using xcaddy, a tool for building custom Caddy binaries.

  1. Install xcaddy:

    go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest

  2. Build Caddy with the Plugin: Run the following command to build Caddy with the Caddy Defender plugin:

    xcaddy build --with github.com/jasonlovesdoggo/caddy-defender

    This will produce a caddy binary in the current directory.

  3. Run Caddy: Use the built binary to run Caddy with your configuration:

    ./caddy run --config Caddyfile

Configuration

Caddyfile Syntax

The defender directive is used to configure the Caddy Defender plugin. It has the following syntax:

defender <responder> {
    message <custom message>
    range <ip_ranges...>
}
  • <responder>: The responder backend to use. Supported values are:
    • block: Returns a 403 Forbidden response.
    • garbage: Returns garbage data to pollute AI training.
    • custom: Returns a custom message (requires responder_args).
  • <ip_ranges...>: A list of CIDR ranges or predefined range keys (e.g., openai, localhost) to match against the client's IP.
  • <custom message>: A custom message to return when using the custom responder.

Examples

Block Requests

Block requests from specific IP ranges:

localhost:8080 {
    defender block {
        range 203.0.113.0/24 openai 198.51.100.0/24 
    } 
    respond "Hello, world!" # what humans see
}

Return Garbage Data

Return garbage data for requests from specific IP ranges:

localhost:8081 {
    defender garbage {
        range 192.168.0.0/24 
    }
    respond "Hello, world!" # what humans see
}

Custom Response

Return a custom message for requests from specific IP ranges:

localhost:8082 {
    defender custom {
        message "Custom response message"
        range 10.0.0.0/8
    } 
    respond "Hello, world!" # what humans see
}

Embedded IP Ranges

The plugin includes predefined IP ranges for popular AI services. These ranges are embedded in the binary and can be used without additional configuration.

Service IP Ranges
OpenAI openai.go
DeepSeek deepseek.go
GitHub Copilot github.go
Microsoft Azure azure.go
Localhost (testing) localhost.go
AWS aws.go
AWS Region aws_region.go

More are welcome! for a precompiled list, see the embedded results

Contributing

We welcome contributions! Here’s how you can get started:

Adding New IP Ranges

To add new IP ranges, you need to create a new fetcher in the ranges/fetchers package. Follow the steps in the Contributing Guide.

Adding a New Responder

To add a new responder, you need to create a new responder in the responders package and update the UnmarshalCaddyfile method in the Defender struct to handle the new responder. Follow the steps in the Contributing Guide.

License

This project is licensed under the MIT License. See the LICENSE file for details.

Acknowledgments

Star History

Star History Chart

About

Caddy module to block or manipulate requests originating from AIs or cloud services trying to train on your websites

caddyserver.com/docs/modules/http.handlers.defender

Topics

security ai filter waf caddy web-security blocker caddyserver ip-blacklist caddy-plugin blockers ip-filtering chatgpt ai-blocker

Resources

Readme

License

MIT license

Security policy

Security policy
Activity

Stars

337 stars

Watchers

3 watching

Forks

11 forks
Report repository

Releases

6 tags

Sponsor this project

@JasonLovesDoggo JasonLovesDoggo Jason Cameron
Sponsor
Learn more about GitHub Sponsors

Packages 1

Contributors 12

Languages