Skip to content
/ caddy-defender Public

Caddy module to block or manipulate requests originating from AIs or cloud services trying to train on your websites

defender.jasoncameron.dev/

License

MIT license
365 stars 11 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

JasonLovesDoggo/caddy-defender

BranchesTags

Repository files navigation

Caddy Defender Plugin

The Caddy Defender plugin is a middleware for Caddy that allows you to block or manipulate requests based on the client's IP address. It is particularly useful for preventing unwanted traffic or polluting AI training data by returning garbage responses.

Features

  • IP Range Filtering: Block or manipulate requests from specific IP ranges.
  • Embedded IP Ranges: Predefined IP ranges for popular AI services (e.g., OpenAI, DeepSeek, GitHub Copilot).
  • Custom IP Ranges: Add your own IP ranges via Caddyfile configuration.
  • Multiple Responder Backends:
    • Block: Return a 403 Forbidden response.
    • Custom: Return a custom message.
    • Drop: Drops the connection.
    • Garbage: Return garbage data to pollute AI training.
    • Redirect: Return a 308 Permanent Redirect response with a custom URL.
    • Ratelimit: Ratelimit requests, configurable via caddy-ratelimit.
    • Tarpit: Stream data at a slow, but configurable rate to stall bots and pollute AI training.

Installation

Using Docker

The easiest way to use the Caddy Defender plugin is by using the pre-built Docker image.

  1. Pull the Docker Image:

    docker pull ghcr.io/jasonlovesdoggo/caddy-defender:latest

  2. Run the Container: Use the following command to run the container with your Caddyfile:

    docker run -d \
  --name caddy \
  -v /path/to/Caddyfile:/etc/caddy/Caddyfile \
  -p 80:80 -p 443:443 \
  ghcr.io/jasonlovesdoggo/caddy-defender:latest

    Replace /path/to/Caddyfile with the path to your Caddyfile.

Please see the online documentation for other methods of installation.

Configuration

Caddyfile Syntax

The defender directive is used to configure the Caddy Defender plugin. It has the following syntax:

defender <responder> {
    message <custom message>
    ranges <ip_ranges...>
    url <url>
}
  • <responder>: The responder backend to use. Supported values are:
    • block: Returns a 403 Forbidden response.
    • custom: Returns a custom message (requires message).
    • drop: Drops the connection.
    • garbage: Returns garbage data to pollute AI training.
    • redirect: Returns a 308 Permanent Redirect response (requires url).
    • ratelimit: Marks requests for rate limiting (requires Caddy-Ratelimit to be installed as well ).
    • tarpit: Stream data at a slow, but configurable rate to stall bots and pollute AI training.
  • <ip_ranges...>: An optional list of CIDR ranges or predefined range keys to match against the client's IP. Defaults to aws azurepubliccloud deepseek gcloud githubcopilot openai.
  • <custom message>: A custom message to return when using the custom responder.
  • <url>: The URI that the redirect responder would redirect to.

For more information about the configuration, refer to the configuration page on the website.

Quick Start

The documentation website has info that includes the configurations of the plugin, code examples, and more.

For a quick start, follow the Getting Started guide to protect your server using the Caddy Defender Plugin.

For examples, check out docs/examples.md

Embedded IP Ranges

The plugin includes predefined IP ranges for popular AI services. These ranges are embedded in the binary and can be used without additional configuration.

Service Key IP Ranges
Alibaba Cloud aliyun aliyun.go
VPNs vpn vpn.go
AWS aws aws.go
AWS Region aws-us-east-1, aws-us-west-1, aws-eu-west-1 aws_region.go
DeepSeek deepseek deepseek.go
GitHub Copilot githubcopilot github.go
Google Cloud Platform gcloud gcloud.go
Oracle Cloud Infrastructure oci oracle.go
Microsoft Azure azurepubliccloud azure.go
OpenAI openai openai.go
Mistral mistral mistral.go
Vultr vultr vultr.go
Cloudflare cloudflare cloudflare.go
Digital Ocean digitalocean digitalocean.go
Linode linode linode.go
Private private private.go
All IP addresses all all.go

Disabled by default (require manual inclusion at build time)

Service Key IP Ranges
Tor Exit Nodes tor tor.go
ASN (Autonomous System Numbers) asn asn.go

More are welcome! for a precompiled list, see the embedded results

Contributing

We welcome contributions! To get started, see CONTRIBUTING.md.

License

This project is licensed under the MIT License. See the LICENSE file for details.

Acknowledgments

Star History

Star History Chart

About

Caddy module to block or manipulate requests originating from AIs or cloud services trying to train on your websites

defender.jasoncameron.dev/

Topics

security ai filter waf caddy web-security blocker caddyserver ip-blacklist caddy-plugin blockers ip-filtering chatgpt ai-blocker

Resources

Readme

License

MIT license

Security policy

Security policy
Activity

Stars

365 stars

Watchers

3 watching

Forks

11 forks
Report repository

Releases

6 tags

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

 
 
 

Contributors 13

Languages