Skip to content

caddy-plugin

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History
 
 

caddy-plugin

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
.gitignore
.gitignore
 
 
Caddyfile
Caddyfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
handler.go
handler.go
 
 
httpsig.go
httpsig.go
 
 

README.md

web-bot-auth Caddy Plugin

GitHub License GitHub Release

Caddy plugin extending Caddy configuration to allow for validation of web-bot-auth as defined in draft-meunier-web-bot-auth-architecture.

Tables of Content

Features

This is an example plugin and only supports Ed25519. You can find a test key in Appendix B.1.4 of RFC 9421.

  • httpsig configuration hook
  • Parse HTTP Message Signatures directory
  • Block request without a valid signature

Usage

First, you need to install xcaddy

go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest

Then you build caddy

xcaddy build latest --with github.com/cloudflareresearch/web-bot-auth/examples/caddy-plugin=./

And finally, you run caddy

./caddy run --config Caddyfile

To generate a signed request, you can use the sibling browser extension.

Security Considerations

This software has not been audited. Please use at your sole discretion.

License

This project is under the Apache 2.0 license.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be Apache 2.0 licensed as above, without any additional terms or conditions.