Caddyfile reverse proxy example for C2 platforms
{
	# Global options block; these settings apply to every site defined below.
	# This instructs Caddy to hit the LetsEncrypt staging endpoint (certificates
	# from it are not trusted by browsers). In production you should remove this
	# so Caddy falls back to its default production ACME CA.
	acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

# Reusable snippet; each site block at the bottom pulls it in with `import`.
(proxy_upstream) {
	# Enable access logging. Note: Caddy's `log` directive writes to stderr by
	# default, not stdout; use `output stdout` inside a `log { ... }` block if
	# stdout is what your log shipper expects — confirm against the Caddy
	# version you run.
	log

	# This is our list of naughty client User Agents that we don't want accessing our C2.
	# The trailing `*` makes this a prefix match (any User-Agent starting with "curl").
	@ua_denylist {
		header User-Agent curl*
	}

	# This is our list of naughty IPs that we want to prevent from accessing our C2.
	# `remote_ip` matches the peer address of the TCP connection. If a CDN or
	# load balancer sits in front of Caddy, that is the proxy's address rather
	# than the end client's — check the docs for your version on honouring
	# forwarded addresses only from trusted proxies. 8.8.8.8/32 is a placeholder example.
	@ip_denylist {
		remote_ip 8.8.8.8/32
	}

	# Response header manipulation: a leading `-` deletes a header, `+` adds one.
	header {
		# Drop Caddy's default Server header so the server software is not advertised.
		-Server
		# Ask search engines not to index, cache or snippet anything served here.
		+X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"
		# Stop browsers MIME-sniffing responses away from the declared Content-Type.
		+X-Content-Type-Options "nosniff"
	}

	# Respond with a 403 if the client has a User Agent defined in our naughty list.
	# `close` closes the connection after the response is written.
	# There is a lot more you can do with this (e.g. redirect to a separate domain), check the docs.
	respond @ua_denylist "Forbidden" 403 {
		close
	}

	# Respond with a 403 if the client has an IP defined in our naughty list.
	# There is a lot more you can do with this (e.g. redirect to a separate domain), check the docs.
	respond @ip_denylist "Forbidden" 403 {
		close
	}

	# Reverse proxy to our host "c2platform" on port 80.
	# This hop is plain HTTP: TLS terminates at Caddy, so the link between Caddy
	# and c2platform should stay on a network you trust.
	# Caddy automatically adds a X-Forwarded-For header which is super useful for Cobalt Strike.
	reverse_proxy c2platform:80 {
		# Present the upstream's own host:port as the Host header.
		header_up Host {upstream_hostport}
		# Pass the originally requested host and port through to the backend.
		header_up X-Forwarded-Host {host}
		header_up X-Forwarded-Port {port}
	}
}

# Site blocks. Caddy's automatic HTTPS obtains certificates for these names
# (from the staging CA while the global `acme_ca` above is set). Replace
# legitdomain.com with the hostname you actually serve.
www.legitdomain.com {
	# Use the proxy_upstream code snippet (defined above)
	import proxy_upstream
}

legitdomain.com {
	# Use the proxy_upstream code snippet (defined above)
	import proxy_upstream
}