Avoiding misconfigurations that could lead to breaches #1967
As you know, one of the primary goals of Caddy is for it to be easy to configure. I strongly believe that easy configuration with sane defaults is crucial for good security. As Troy Hunt testified to US Congress today, misconfigurations and prioritizing convenience are primary causes of allowing data/security breaches.
I'm interested in looking into ways that Caddy can further help prevent accidentally making a site or service accessible to the public when it is not intended to be. It already does this to an extent by requiring a certificate by default, which requires public verification of a domain name. However, some services may use a public domain name or subdomain but are only meant to be exposed on internal interfaces.
Ways that Caddy could protect a site or service:
There are probably others; but the point is, how can we go about reducing the likelihood of a server misconfiguration such that content which is intended only to be private is not made public?
As an example of part of a solution to help you get an idea of what might be possible, imagine typing a directive called "
I would consider:
I'd add the following to the list: