Feature Request: Exclude/whitelist path in block

[mwpastore]

It would be great for quirky things (like WordPress) to be able to exclude/whitelist some path(s) in an ipfilter allow stanza, like so:

ipfilter /wp-admin {
  if {path} not /wp-admin/admin-ajax.php
  allow
  ip ::1
  strict
}

This example follows the syntax used by rewrite, minify, etc., but it could take other forms; possibly something like:

ipfilter {
  regex /wp-admin(?!/admin-ajax\.php).*
  allow
  ip ::1
  strict
}

[pyed]

you can use as many ipfilter blocks as you please, I think what you are trying to do with your first example is

ipfilter /wp-admin/admin-ajax.php {
    rule block
    ip ::/0
    strict
}

I'm not sure how useful regex in paths would be, they will be fairly easy to add though, I prefer the following:

ipfilter /wp-admin(?!/admin-ajax\.php).* {
    rule allow
    ip ::1
    strict
}

happy to get a PR ;)

[mwpastore]

Ah, no, what I'm trying to do with the first one is the same as what I'm trying to do with the second one: don't apply the ipfilter if the path is /wp-admin/admin-ajax.php, but apply the ipfilter to everything else under /wp-admin.

What you say is interesting. I didn't realize that overlapping paths would be processed the way I want them to: with more specific paths matching first and taking precedence over more general paths. This combination of ipfilters actually works great for this use-case:

ipfilter /wp-admin {
    rule allow
    ip 1:2:3:4::/56
    strict
}

ipfilter /wp-admin/admin-ajax.php {
    rule block
}

Does that all make sense?

[pyed]

Yup, multiple blocks with overlapping paths work as you described, that's what I tried and failed to explain with my first comment

[mwpastore]

Beautiful. Thank you for the help, and for a great Caddy feature!