Wildcard domains #4

Open
dmke opened this issue Apr 16, 2024 · 3 comments
Labels: enhancement (New feature or request), help wanted (Extra attention is needed)

@dmke

dmke commented Apr 16, 2024

I'm looking to replace Apache's Require host directive with this plugin (docs).

I do however need support for wildcards and suffixes e.g.

@paypal {
  remote_host .paypal.com  # matches notify.paypal.com, but also foo.bar.paypal.com
  remote_host *.paypal.com # matches notify.paypal.com, but not foo.bar.paypal.com
}

The current RegExp doesn't find either acceptable:

hostRegex, err = regexp.Compile(`^((([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]))$`)

(The matcher loop in (*MatchRemoteHost) resolveIPs() probably needs adjusting as well.)
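
An added example (not part of the original issue or the plugin's code) of the two matching rules requested above, applied to a hostname such as a reverse lookup would return. `matchHostPattern` and `normalizeHost` are hypothetical names, the host is assumed to be syntactically valid already, and treating the leading-dot form as not matching the bare domain is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// normalizeHost lowercases a DNS name and drops the trailing root dot that
// reverse lookups usually return ("Notify.PayPal.com." -> "notify.paypal.com").
func normalizeHost(h string) string {
	return strings.ToLower(strings.TrimSuffix(strings.TrimSpace(h), "."))
}

// matchHostPattern reports whether host satisfies pattern (hypothetical helper).
//
//	".example.com"   any subdomain depth, but not the bare domain (assumption)
//	"*.example.com"  exactly one extra label
//	"example.com"    exact name only
func matchHostPattern(pattern, host string) bool {
	p, h := normalizeHost(pattern), normalizeHost(host)
	if p == "" || h == "" {
		return false
	}
	switch {
	case strings.HasPrefix(p, "*."):
		suffix := p[1:] // ".example.com"
		if !strings.HasSuffix(h, suffix) {
			return false
		}
		label := strings.TrimSuffix(h, suffix)
		return label != "" && !strings.Contains(label, ".")
	case strings.HasPrefix(p, "."):
		// The leading dot anchors the match on a label boundary, so
		// "evilpaypal.com" can never satisfy ".paypal.com".
		return len(h) > len(p) && strings.HasSuffix(h, p)
	default:
		return h == p
	}
}

func main() {
	// Constructed sample names, shaped like reverse-lookup results.
	hosts := []string{"notify.paypal.com.", "foo.bar.paypal.com", "evilpaypal.com", "paypal.com"}
	for _, h := range hosts {
		fmt.Printf("%-22s suffix=%-5v wildcard=%v\n", h,
			matchHostPattern(".paypal.com", h), matchHostPattern("*.paypal.com", h))
	}
}
```

A name taken from a PTR record is controlled by whoever runs the reverse zone for that address, so an access decision should only rely on it after a forward lookup of the name returns the original IP.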

@muety
Owner

muety commented Apr 16, 2024

Hi @dmke, thanks for your feature request! To support suffixes and wildcards, the plugin would have to implement reverse DNS lookups (#5), which it currently doesn't support. It's not hard to implement, but I am still not expecting to get to this very soon, unfortunately.

For the record, here's the implementation of the Apache2 module: https://github.com/apache/httpd/blob/trunk/modules/aaa/mod_authz_host.c.

muety added the enhancement (New feature or request) and help wanted (Extra attention is needed) labels on Apr 16, 2024
@dmke
Author

dmke commented Apr 22, 2024

I've started some work here: master...dmke:caddy-remote-host:master, though progress is currently a bit slow.

This will (eventually) become a series of PRs. I'm currently working on tests, before I'll start a larger refactoring. The next big step will be swapping the stdlib resolver for miekg/dns (which is already part of Caddy) and replacing the cache in order to support TTLs (#1). I believe that to be the necessary foundation in order to tackle #4 (this issue) and #5 (rDNS lookups).

@muety
Owner

muety commented Apr 23, 2024

Very cool, thanks a lot for this! 🙌

> The next big step will be swapping the stdlib resolver for miekg/dns

I intentionally didn't want to use that package (even though it's very useful), because I tend to be very economical with regard to external dependencies. But if you're saying it's already part of Caddy anyway, then it's fine 👍.
